{"url":"http://public2.vulnerablecode.io/api/packages/462311?format=json","purl":"pkg:npm/mjml@3.3.0-beta.3","type":"npm","namespace":"","name":"mjml","version":"3.3.0-beta.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/321782?format=json","vulnerability_id":"VCID-g9n7-kckr-budg","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/158111/MJML-4.6.2-Path-Traversal.html","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/158111/MJML-4.6.2-Path-Traversal.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12827","reference_id":"","reference_type":"","scores":[{"value":"0.02229","scoring_system":"epss","scoring_elements":"0.84887","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12827"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Jun/23","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2020/Jun/23"},{"reference_url":"https://github.com/mjmlio/mjml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mjmlio/mjml"},{"reference_url":"https://github.com/mjmlio/mjml/commit/30e29ed2cdaec8684d60a6d12ea07b611c765a12","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mjmlio/mjml/commit/30e29ed2cdaec8684d60a6d12ea07b611c765a12"},{"reference_url":"https://github.com/mjmlio/mjml/releases/tag/v4.6.3","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mjmlio/mjml/releases/tag/v4.6.3"},{"reference_url":"https://mjml.io/community","reference_id":"","reference_type":"","scores":[],"url":"https://mjml.io/community"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12827","reference_id":"CVE-2020-12827","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12827"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384652?format=json","purl":"pkg:npm/mjml@4.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mejc-9b1c-wkbt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mjml@4.6.3"}],"aliases":["CVE-2020-12827","GHSA-4hch-r9xf-6vfr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9n7-kckr-budg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/109075?format=json","vulnerability_id":"VCID-mejc-9b1c-wkbt","summary":"MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type=\"css\" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67898","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0109","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67898"},{"reference_url":"https://github.com/mjmlio/mjml","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mjmlio/mjml"},{"reference_url":"https://github.com/mjmlio/mjml/issues/3018","reference_id":"3018","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T16:24:41Z/"}],"url":"https://github.com/mjmlio/mjml/issues/3018"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12827","reference_id":"CVE-2020-12827","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12827"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67898","reference_id":"CVE-2025-67898","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67898"},{"reference_url":"https://github.com/advisories/GHSA-45h5-66jx-r2wf","reference_id":"GHSA-45h5-66jx-r2wf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-45h5-66jx-r2wf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/893578?format=json","purl":"pkg:npm/mjml@5.0.0-alpha.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mjml@5.0.0-alpha.0"}],"aliases":["CVE-2025-67898","GHSA-45h5-66jx-r2wf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mejc-9b1c-wkbt"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mjml@3.3.0-beta.3"}