Package impact
npm / liquidjs
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41311 | medium | 6.5 | 6.5 | 20d ago | liquidjs has a Denial of Service via circular block reference in layout | |||
| CVE-2026-44646 | medium | — | 5.5 | 2d ago | LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()` | |||
| CVE-2026-44645 | medium | — | 5.5 | 2d ago | LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body | |||
| CVE-2026-44644 | medium | — | 5.5 | 2d ago | LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS |