Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package pug, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2021-21353 — CVSS 6.8 (medium): Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control…
CVE-2024-36361 — CVSS 6.8 (medium): Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient…