Handlebars.js Project Handlebars.js — known CVE vulnerabilities
Every CVE whose affected-product data names Handlebars.js Project Handlebars.js, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2019-19919 — CVSS 9.8 (critical): Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an…
CVE-2015-8861 — CVSS 6.1 (medium): The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a…