Handlebars — CVE history (npm)

Handlebars

10 CVEs affect the Handlebars npm package (highest CVSS 9.8). Latest disclosed: 2026-03-27. Full CVE history sourced from NVD.

Summary

Package: Handlebars (npm)
Total CVEs: 10
Actively exploited (CISA KEV): 0
Highest CVSS: 9.8
Latest disclosed: 2026-03-27

Recent CVEs (top 10)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-33941 | High | 8.2 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2026-33940 | High | 8.1 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2026-33939 | High | 7.5 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2026-33938 | High | 8.1 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2026-33937 | Critical | 9.8 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2026-33916 | Medium | 4.7 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2021-23383 | Medium | 5.6 | | 2021-05-04 | The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. |
| CVE-2021-23369 | Medium | 5.6 | | 2021-04-12 | The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. |
| CVE-2019-20922 | High | 7.5 | | 2020-09-30 | Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. |
| CVE-2019-20920 | High | 8.1 | | 2020-09-30 | Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. |

All-time worst (top 10 by CVSS)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-33937 | Critical | 9.8 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2026-33941 | High | 8.2 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2026-33940 | High | 8.1 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2026-33938 | High | 8.1 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2019-20920 | High | 8.1 | | 2020-09-30 | Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. |
| CVE-2026-33939 | High | 7.5 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |
| CVE-2019-20922 | High | 7.5 | | 2020-09-30 | Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. |
| CVE-2021-23383 | Medium | 5.6 | | 2021-05-04 | The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. |
| CVE-2021-23369 | Medium | 5.6 | | 2021-04-12 | The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. |
| CVE-2026-33916 | Medium | 4.7 | | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. |