VYPR

npm package

mjml

pkg:npm/mjml

Vulnerabilities (2)

  • CVE-2025-67898MedDec 14, 2025
    affected <= 4.18.0

    MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

  • CVE-2020-12827Jun 17, 2020
    affected < 4.6.3fixed 4.6.3

    MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.