Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/handlebars@3.0.0
purl pkg:npm/handlebars@3.0.0
Next non-vulnerable version 4.7.9
Latest non-vulnerable version 4.7.9
Risk 4.5
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-5zmc-mjp2-dqgw
Aliases:
GHSA-q42p-pg8m-cqh6
GMS-2019-126
Prototype Pollution in handlebars
3.0.7
Affected by 7 other vulnerabilities.
4.0.14
Affected by 16 other vulnerabilities.
4.1.2
Affected by 16 other vulnerabilities.
VCID-67n9-w7kp-4kg5
Aliases:
GHSA-2cf5-4w76-r9qv
GMS-2020-727
Arbitrary Code Execution in handlebars
3.0.8
Affected by 2 other vulnerabilities.
4.5.2
Affected by 12 other vulnerabilities.
VCID-6cew-j5jr-euef
Aliases:
CVE-2019-20920
GHSA-3cqr-58rm-57f8
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).
3.0.8
Affected by 2 other vulnerabilities.
4.5.3
Affected by 9 other vulnerabilities.
VCID-cvg5-usxy-z3fm
Aliases:
GHSA-g9r4-xpmj-mj65
GMS-2020-729
Prototype Pollution in handlebars
3.0.8
Affected by 2 other vulnerabilities.
4.5.3
Affected by 9 other vulnerabilities.
VCID-m941-ke7y-p3g8
Aliases:
CVE-2015-8861
GHSA-9prh-257w-9277
Cross-Site Scripting in handlebars
4.0.0
Affected by 17 other vulnerabilities.
VCID-njfv-eyqc-n7bm
Aliases:
CVE-2021-23369
GHSA-f2jv-r9rf-7988
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
4.7.7
Affected by 8 other vulnerabilities.
VCID-qsg9-mgyp-5ydz
Aliases:
CVE-2019-19919
GHSA-w457-6q6x-cgp9
Prototype Pollution in handlebars
3.0.8
Affected by 2 other vulnerabilities.
4.3.0
Affected by 15 other vulnerabilities.
VCID-rynq-af1m-3kbr
Aliases:
CVE-2021-23383
GHSA-765h-qjxv-5f44
Prototype Pollution in handlebars
4.7.7
Affected by 8 other vulnerabilities.
VCID-srcc-ye5f-3qfk
Aliases:
GMS-2015-33
XSS vulnerability due to improper value escaping The library does not properly escape attribute values making XSS exploits possible.
4.0.0
Affected by 17 other vulnerabilities.
VCID-yjze-r3dm-wuhm
Aliases:
GHSA-q2c6-c6pm-g3gh
GMS-2020-730
Arbitrary Code Execution in handlebars
3.0.8
Affected by 2 other vulnerabilities.
4.5.3
Affected by 9 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T16:43:55.249158+00:00 GitLab Importer Affected by VCID-67n9-w7kp-4kg5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/GMS-2020-727.yml 38.6.0
2026-06-13T16:43:44.452005+00:00 GitLab Importer Affected by VCID-yjze-r3dm-wuhm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/GMS-2020-730.yml 38.6.0
2026-06-13T16:43:26.077937+00:00 GitLab Importer Affected by VCID-cvg5-usxy-z3fm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/GMS-2020-729.yml 38.6.0
2026-06-13T08:26:42.382226+00:00 GHSA Importer Affected by VCID-njfv-eyqc-n7bm https://github.com/advisories/GHSA-f2jv-r9rf-7988 38.6.0
2026-06-12T17:59:27.174871+00:00 GitLab Importer Affected by VCID-6cew-j5jr-euef https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/CVE-2019-20920.yml 38.6.0
2026-06-12T17:58:52.731962+00:00 GitLab Importer Affected by VCID-rynq-af1m-3kbr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/CVE-2021-23383.yml 38.6.0
2026-06-12T17:38:42.034076+00:00 GitLab Importer Affected by VCID-njfv-eyqc-n7bm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/CVE-2021-23369.yml 38.6.0
2026-06-12T17:16:42.507217+00:00 GitLab Importer Affected by VCID-qsg9-mgyp-5ydz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/CVE-2019-19919.yml 38.6.0
2026-06-12T17:11:51.550433+00:00 GitLab Importer Affected by VCID-5zmc-mjp2-dqgw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/GMS-2019-126.yml 38.6.0
2026-06-12T17:05:55.467959+00:00 GitLab Importer Affected by VCID-m941-ke7y-p3g8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/CVE-2015-8861.yml 38.6.0
2026-06-12T16:48:52.416811+00:00 GitLab Importer Affected by VCID-srcc-ye5f-3qfk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/handlebars/GMS-2015-33.yml 38.6.0