Handlebarsjs Handlebars — known CVE vulnerabilities
Every CVE whose affected-product data names Handlebarsjs Handlebars, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2026-33937 — CVSS 9.8 (critical): Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `Handlebars.compile()`…
CVE-2026-33941 — CVSS 8.2 (high): Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI…
CVE-2019-20920 — CVSS 8.1 (high): Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate…
CVE-2026-33938 — CVSS 8.1 (high): Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the `@partial-block`…
CVE-2026-33940 — CVSS 8.1 (high): Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, a crafted object placed in…
CVE-2019-20922 — CVSS 7.5 (high): Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an…
CVE-2026-33939 — CVSS 7.5 (high): Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template…
CVE-2021-23369 — CVSS 5.6 (medium): The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile…
CVE-2021-23383 — CVSS 5.6 (medium): The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates…
CVE-2026-33916 — CVSS 4.7 (medium): Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, `resolvePartial()` in the…