CRITICAL9.8CVE-2026-33937Handlebars.js has JavaScript Injection via AST Type Confusion >= 4.0.0, < 4.7.9
from 0, < 4.7.7
CRITICAL9.8CVE-2021-23369Remote code execution in handlebars when compiling templates from 0, < 4.7.7
CRITICAL9.8Prototype Pollution in handlebars
>= 4.0.0, < 4.3.0
HIGH8.2Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
>= 4.0.0, < 4.7.9
HIGH8.1Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
>= 4.0.0, < 4.7.9
HIGH8.1Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
>= 4.0.0, < 4.7.9
HIGH8.1Arbitrary Code Execution in Handlebars
from 0, < 3.0.8
HIGH7.5Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
>= 4.0.0, < 4.7.9
HIGH7.5Regular Expression Denial of Service in Handlebars
>= 4.0.0, < 4.4.5
MEDIUM6.1Cross-Site Scripting in handlebars
from 0, < 4.0.0
MEDIUM4.7Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection
>= 4.0.0, < 4.7.9