Package impact
npm / liquidjs
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-41311 | medium | 6.5 | 6.5 | 20d ago | liquidjs has a Denial of Service via circular block reference in layout | |
| CVE-2026-44646 | medium | — | 5.5 | 2d ago | LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()` | |
| CVE-2026-44645 | medium | — | 5.5 | 2d ago | LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body | |
| CVE-2026-44644 | medium | — | 5.5 | 2d ago | LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS | |