Search for packages
| purl | pkg:npm/handlebars@4.4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-cg5r-z5hn-xqgh | Regular Expression Denial of Service in Handlebars Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources. |
CVE-2019-20922
GHSA-62gr-4qp9-h98f |
| VCID-kbwm-qza1-jqfz | Denial of Service in handlebars Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. ## Recommendation Upgrade to version 4.4.5 or later. |
GHSA-f52g-6jhx-586p
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T12:24:26.187247+00:00 | GithubOSV Importer | Fixing | VCID-cg5r-z5hn-xqgh | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-62gr-4qp9-h98f/GHSA-62gr-4qp9-h98f.json | 36.1.3 |
| 2025-07-01T12:16:36.518983+00:00 | GithubOSV Importer | Fixing | VCID-kbwm-qza1-jqfz | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-f52g-6jhx-586p/GHSA-f52g-6jhx-586p.json | 36.1.3 |