Handlebarsjs Handlebars
10 CVEs affecting Handlebarsjs Handlebars. Latest disclosed: 2026-03-27. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-33937 | Critical | 9.8 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST… |
| CVE-2026-33941 | High | 8.2 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars… |
| CVE-2026-33940 | High | 8.1 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context… |
| CVE-2026-33938 | High | 8.1 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored… |
| CVE-2019-20920 | High | 8.1 | 2020-09-30 | Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attack… |
| CVE-2026-33939 | High | 7.5 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator s… |
| CVE-2019-20922 | High | 7.5 | 2020-09-30 | Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while proc… |
| CVE-2021-23383 | Medium | 5.6 | 2021-05-04 | The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untruste… |
| CVE-2021-23369 | Medium | 5.6 | 2021-04-12 | The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an… |
| CVE-2026-33916 | Medium | 4.7 | 2026-03-27 | Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the Handlebars runtime re… |