Package impact
npm / liquidjs
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45617 | high | — | 8.0 | 1d ago | LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex | |||
| CVE-2026-45357 | high | — | 8.0 | 1d ago | LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime) | |||
| CVE-2026-41311 | medium | 6.5 | 6.5 | 20d ago | liquidjs has a Denial of Service via circular block reference in layout | |||
| CVE-2026-44646 | medium | — | 5.5 | 2d ago | LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()` | |||
| CVE-2026-44645 | medium | — | 5.5 | 2d ago | LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body | |||
| CVE-2026-44644 | medium | — | 5.5 | 2d ago | LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS |