Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package liquidjs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (14)
CVE-2026-45617 — CVSS 7.5 (high): LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the built-in…
CVE-2026-30952 — CVSS 7.5 (high): liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags…
CVE-2026-33285 — CVSS 7.5 (high): LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit`…
CVE-2026-33287 — CVSS 7.5 (high): LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in…
CVE-2026-35525 — CVSS 7.5 (high): LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and…
CVE-2026-39859 — CVSS 7.5 (high): LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as…
CVE-2026-41311 — CVSS 7.5 (high): LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in…
CVE-2026-45357 — CVSS 7.5 (high): LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's…
CVE-2026-44645 — CVSS 6.5 (medium): LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the renderLimit…
CVE-2026-44644 — CVSS 6.1 (medium): LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS…
CVE-2022-25948 — CVSS 5.3 (medium): The package liquidjs before 10.0.0 are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in…
CVE-2026-39412 — CVSS 5.3 (medium): LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural filter bypasses the…
CVE-2026-44646 — CVSS 5.3 (medium): LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn()…
CVE-2026-34166 — CVSS 3.7 (low): LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS…