High severity7.3OSV Advisory· Published Feb 21, 2025· Updated Apr 15, 2026
CVE-2025-27109
CVE-2025-27109
Description
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
solid-jsnpm | < 1.9.4 | 1.9.4 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.