All 6 CVE vulnerabilities found in handlebars.js, with AI-generated Chinese analysis, references, and POCs.
Vendor: handlebars-lang
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33941 | Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options CWE-79 | 8.3 | High | 2026-03-27 |
| CVE-2026-33940 | Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial CWE-94 | 8.1 | High | 2026-03-27 |
| CVE-2026-33939 | Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation CWE-754 | 7.5 | High | 2026-03-27 |
| CVE-2026-33938 | Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block CWE-94 | 8.1 | High | 2026-03-27 |
| CVE-2026-33937 | Handlebars.js has JavaScript Injection via AST Type Confusion CWE-843 | 9.8 | Critical | 2026-03-27 |
| CVE-2026-33916 | Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection CWE-79 | 4.7 | Medium | 2026-03-27 |
All 6 known CVE vulnerabilities affecting handlebars.js with full Chinese analysis, references, and POCs where available.