Security
Headlines

Headlines Latest CVEs

Headline

GHSA-45h5-66jx-r2wf: MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

3 days ago

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-67898

MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827

Moderate severity GitHub Reviewed Published Dec 15, 2025 to the GitHub Advisory Database • Updated Dec 17, 2025

Affected versions

<= 4.18.0

Description

Published to the GitHub Advisory Database

Dec 15, 2025

Last updated

Dec 17, 2025

ghsa: Latest News

GHSA-x8cp-jf6f-r4xh: AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue

1 hour ago

GHSA-2xgq-q749-89fq: AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue

1 hour ago

GHSA-3g75-q268-r9r6: Amazon S3 Encryption Client has a Key Commitment Issue

1 hour ago

GHSA-8452-54wp-rmv6: Storybook manager bundle may expose environment variables during build

1 hour ago

GHSA-529f-9qwm-9628: tinacms is vulnerable to arbitrary code execution

2 hours ago