Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/ejs@3.1.7
purl pkg:npm/ejs@3.1.7
Next non-vulnerable version 3.1.10
Latest non-vulnerable version 3.1.10
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-46sh-p9cn-1yd9
Aliases:
CVE-2024-33883
GHSA-ghr5-ch3p-vcr6
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
3.1.10
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-v8d9-jj2b-d3g4 ejs template injection vulnerability CVE-2022-29078
GHSA-phwq-j96m-2c2q

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T19:26:44.463949+00:00 GitLab Importer Affected by VCID-46sh-p9cn-1yd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ejs/CVE-2024-33883.yml 38.6.0
2026-06-12T15:44:00.138672+00:00 GitLab Importer Fixing VCID-v8d9-jj2b-d3g4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ejs/CVE-2022-29078.yml 38.6.0
2026-06-12T08:13:12.725543+00:00 GithubOSV Importer Fixing VCID-v8d9-jj2b-d3g4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-phwq-j96m-2c2q/GHSA-phwq-j96m-2c2q.json 38.6.0
2026-06-11T20:28:51.931478+00:00 GHSA Importer Fixing VCID-v8d9-jj2b-d3g4 https://github.com/advisories/GHSA-phwq-j96m-2c2q 38.6.0