15 Total advisories
15 Vulnerabilities
0 Malware
Vulnerabilities
HIGH 7.5
CVE-2026-45357
LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)
CRITICAL 10.0
CVE-2026-45618
LiquidJS is Vulnerable to Remote Code Execution
HIGH 7.5
CVE-2026-45617
LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
MEDIUM 5.3
CVE-2026-44646
LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
MEDIUM 6.5
CVE-2026-44645
LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body
MEDIUM 6.1
CVE-2026-44644
LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS
HIGH 7.5
CVE-2026-41311
liquidjs has a Denial of Service via circular block reference in layout
HIGH 7.5
CVE-2026-35525
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
MEDIUM 5.3
CVE-2026-39412
LiquidJS: ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel
LOW 3.7
CVE-2026-34166
LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter
UNKNOWN
CVE-2026-39859
LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file read
HIGH 7.5
CVE-2026-33285
LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash
HIGH 7.5
CVE-2026-33287
LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern
UNKNOWN
CVE-2026-30952
liquidjs has a path traversal fallback vulnerability
MEDIUM 5.3
CVE-2022-25948
liquidjs may leak properties of a prototype
Ready to move
Start Securing
Free, no credit card | First findings in minutes