VIR Vulnerability Intelligence Relay

Package impact

npm npm / liquidjs

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45618 critical 9.5 7d ago LiquidJS is Vulnerable to Remote Code Execution
CVE-2026-45617 high 8.0 7d ago LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
CVE-2026-45357 high 8.0 7d ago LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
CVE-2026-41311 medium 6.5 6.5 26d ago liquidjs has a Denial of Service via circular block reference in layout
CVE-2026-44646 medium 5.5 8d ago LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
CVE-2026-44645 medium 5.5 8d ago LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body
CVE-2026-44644 medium 5.5 8d ago LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS
CVE-2026-39859 unknown 2mo ago LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file read
CVE-2026-39412 unknown 2mo ago LiquidJS: ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel
CVE-2026-35525 unknown 2mo ago LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
CVE-2026-34166 unknown 2mo ago LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter
CVE-2026-33287 unknown 2mo ago LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern
CVE-2026-33285 unknown 2mo ago LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash
CVE-2026-30952 unknown 3mo ago liquidjs has a path traversal fallback vulnerability
CVE-2022-25948 unknown 4y ago liquidjs may leak properties of a prototype