Harttle Liquidjs
8 CVEs affecting Harttle Liquidjs. Latest disclosed: 2026-05-09. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-41311 | High | 7.5 | 2026-05-09 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% b… |
CVE-2026-33285 | High | 7.5 | 2026-03-26 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can b… |
CVE-2026-33287 | High | 7.5 | 2026-03-26 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaS… |
CVE-2026-39412 | Medium | 5.3 | 2026-04-08 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural filter bypasses the ownPropertyOnly secu… |
CVE-2026-34166 | Low | 3.7 | 2026-04-08 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS incorrectly accounts for m… |
CVE-2026-39859 | | 2026-04-08 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames… | |
CVE-2026-35525 | | 2026-04-08 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, Liquid… | |
CVE-2026-30952 | | 2026-03-10 | liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file… |