VYPR

Handlebars

by Handlebarsjs

npm: handlebars

CVEs (6)

  • CVE-2026-33937 | Critical | Mar 27, 2026
    risk 0.57 | cvss 9.8 | epss 0.01

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()` accepts a pre-parsed AST object in addition to a template string. The `value` field of a `NumberLiteral` AST node is emitted directly into the…

  • CVE-2026-33941 | High | Mar 27, 2026
    risk 0.46 | cvss 8.2 | epss 0.00

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and several CLI options —…

  • CVE-2026-33940 | High | Mar 27, 2026
    risk 0.46 | cvss 8.1 | epss 0.01

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in the template context can bypass all conditional guards in `resolvePartial()` and cause `invokePartial()` to return `undefined`. The…

  • CVE-2026-33938 | High | Mar 27, 2026
    risk 0.46 | cvss 8.1 | epss 0.01

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block` special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary…

  • CVE-2026-33939 | High | Mar 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls `lookupProperty(decorators,…

  • CVE-2026-33916 | Medium | Mar 27, 2026
    risk 0.24 | cvss 4.7 | epss 0.00

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the Handlebars runtime resolves partial names via a plain property lookup on `options.partials` without guarding against prototype-chain…