Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package mjml, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2020-12827 — CVSS 7.2 (high): MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.
CVE-2025-67898 — CVSS 4.5 (medium): MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue…