liquidjs vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-45618Criticalliquidjs: LiquidJS is Vulnerable to Remote Code ExecutionCVE-2026-45617Highliquidjs: LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter RegexCVE-2026-45357Highliquidjs: LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter…CVE-2026-44646Mediumliquidjs: LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via…CVE-2026-44645Mediumliquidjs: LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` bodyCVE-2026-44644Mediumliquidjs: LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSSCVE-2026-41311Highliquidjs: liquidjs has a Denial of Service via circular block reference in layoutCVE-2026-39859Mediumliquidjs: LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file readCVE-2026-39412Mediumliquidjs: LiquidJS: ownPropertyOnly bypass via sort_natural filter — prototype property information…CVE-2026-35525Highliquidjs: LiquidJS: Root restriction bypass for partial and layout loading through symlinked templatesCVE-2026-34166Lowliquidjs: LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` FilterCVE-2026-33287Highliquidjs: LiquidJS has Exponential Memory Amplification through its replace_first Filter $& PatternCVE-2026-33285Highliquidjs: LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process CrashCVE-2026-30952Highliquidjs: liquidjs has a path traversal fallback vulnerabilityCVE-2022-25948Mediumliquidjs: liquidjs may leak properties of a prototype

Stop the waste.
Protect your environment with Kodem.