npm package
mjml
pkg:npm/mjml
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-67898 | Med | 4.5 | <= 4.18.0 | — | Dec 14, 2025 | MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827. | |
| CVE-2020-12827 | — | < 4.6.3 | 4.6.3 | Jun 17, 2020 | MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. |
- affected <= 4.18.0
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
- CVE-2020-12827Jun 17, 2020affected < 4.6.3fixed 4.6.3
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.