Package impact
npm / liquidjs
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45618 | critical | — | 9.5 | 8d ago | LiquidJS is Vulnerable to Remote Code Execution | |||
| CVE-2026-41311 | medium | 6.5 | 6.5 | 26d ago | liquidjs has a Denial of Service via circular block reference in layout | |||
| CVE-2026-44646 | medium | — | 5.5 | 8d ago | LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()` | |||
| CVE-2026-44645 | medium | — | 5.5 | 8d ago | LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body | |||
| CVE-2026-44644 | medium | — | 5.5 | 8d ago | LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS |