Search for packages
| purl | pkg:npm/ejs@0.8.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-9hgv-yjdc-j7g7
Aliases: CVE-2017-1000188 GHSA-hwcf-pp87-7x6p |
Cross-site Scripting The ejs module is vulnerable to a Cross-site-scripting in `ejs.renderFile()`. |
Affected by 0 other vulnerabilities. |
|
VCID-k525-8c5h-tbdq
Aliases: CVE-2017-1000189 GHSA-6x77-rpqf-j6mw |
Improper Input Validation The ejs module is vulnerable to a denial-of-service due to weak input validation in the `ejs.renderFile()`. |
Affected by 0 other vulnerabilities. |
|
VCID-nq37-ewy1-d7et
Aliases: CVE-2017-1000228 GHSA-3w5v-p54c-f74x |
Improper Input Validation The ejs module is vulnerable to remote code execution due to weak input validation in `ejs.renderFile()` function. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:10:17.453590+00:00 | GitLab Importer | Affected by | VCID-k525-8c5h-tbdq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ejs/CVE-2017-1000189.yml | 38.6.0 |
| 2026-06-04T20:10:17.229022+00:00 | GitLab Importer | Affected by | VCID-nq37-ewy1-d7et | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ejs/CVE-2017-1000228.yml | 38.6.0 |
| 2026-06-04T20:10:17.010205+00:00 | GitLab Importer | Affected by | VCID-9hgv-yjdc-j7g7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ejs/CVE-2017-1000188.yml | 38.6.0 |