Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

handlebars

Ecosystem:
npm
Package URL:
pkg:npm/handlebars
Total PRs:
2,364 Dependabot PRs
Latest PR:
2 days ago
Unique Repositories:
1,811 repositories
Unique Repos (30 days):
146 repositories
Security Advisories
Cross-Site Scripting in handlebars
GHSA-9prh-257w-9277 CVE-2015-8861 MODERATE published over 7 years ago • updated about 6 hours ago
Versions of `handlebars` prior to 4.0.0 are affected by a cross-site scripting vulnerability when attributes in handlebar templates are not quoted....
Arbitrary Code Execution in handlebars
GHSA-2cf5-4w76-r9qv HIGH published over 5 years ago • updated about 2 months ago
Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate...
Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
GHSA-xjpj-3mr7-gcpf CVE-2026-33941 HIGH published 2 months ago • updated 4 days ago
## Summary The Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and...
Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
GHSA-9cx6-37pm-9jff CVE-2026-33939 HIGH published 2 months ago • updated 21 days ago
## Summary When a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. `{{*n}}`), the compiled template calls...
Arbitrary Code Execution in handlebars
GHSA-q2c6-c6pm-g3gh HIGH published over 5 years ago • updated about 6 hours ago
Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate...
View all 18 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
chore(deps): bump the npm_and_yarn group across 3 directories with 20 updates

theinsightcentre/generative-ai-google #9

4.7.8 → 4.7.9 Patch PR
Closed 3 days ago 1 comment
theinsightcentre
chore(deps): bump the npm_and_yarn group across 2 directories with 18 updates

harpertoken/autofix #49

4.7.8 → 4.7.9 Patch PR
Closed 5 days ago 3 comments
harpertoken
chore(deps)(deps-dev): bump the development-dependencies group across 1 directory with 28 updates

HUA-Labs/hua-packages #26

4.7.8 → 4.7.9 Patch PR
Open 5 days ago 1 comment
HUA-Labs
Bump handlebars from 4.7.8 to 4.7.9

CrashBytes/react-hooks #3

4.7.8 → 4.7.9 Patch PR
Closed 5 days ago 1 comment
CrashBytes
Bump the npm_and_yarn group across 16 directories with 20 updates

jcstein/next.js #21

4.7.6 → 4.7.9 Patch PR
Closed 5 days ago 1 comment
jcstein
Bump the npm_and_yarn group across 13 directories with 20 updates

jcstein/next.js #19

4.7.6 → 4.7.9 Patch PR
Closed 5 days ago 1 comment
jcstein
chore(deps): bump the npm_and_yarn group across 2 directories with 13 updates

HarleyCoops/ai #1

4.7.8 → 4.7.9 Patch PR
Open 6 days ago 2 comments
HarleyCoops
chore(deps): bump handlebars from 4.7.8 to 4.7.9 in the prod-dependencies-patch group across 1 directory

Eliyce/paqad-ai #6

4.7.8 → 4.7.9 Patch PR
Open 6 days ago 7 comments
Eliyce
Bump the npm_and_yarn group across 8 directories with 16 updates

lawgimenez/omnivore #6

4.7.8 → 4.7.9 Patch PR
Closed 6 days ago 1 comment
lawgimenez
Bump the npm_and_yarn group across 2 directories with 17 updates

jianminy931020-coder/my-official-site #1

4.7.8 → 4.7.9 Patch PR
Open 7 days ago 1 comment
jianminy931020-coder
chore(deps): bump the npm_and_yarn group across 4 directories with 17 updates

AlDracuX/RuVector #5

4.7.8 → 4.7.9 Patch PR
Closed 7 days ago 1 comment
AlDracuX
chore(deps): bump the npm_and_yarn group across 5 directories with 22 updates

michaelhughes2501/ruflo #4

4.7.8 → 4.7.9 Patch PR
Closed 7 days ago 1 comment
michaelhughes2501
Bump the npm_and_yarn group across 5 directories with 10 updates

AKJUS/jupyterlab #382

4.7.8 → 4.7.9 Patch PR
Open 7 days ago 3 comments
AKJUS
chore(deps): Bump the npm_and_yarn group across 1 directory with 13 updates

stvn101/n8n #1

4.7.8 → 4.7.9 Patch PR
Open 7 days ago 2 comments
stvn101
chore(deps): bump the npm_and_yarn group across 2 directories with 17 updates

Dargon789/web3.js #81

4.7.7 → 4.7.9 Patch PR
Open 7 days ago 1 comment
Dargon789
Bump the npm_and_yarn group across 8 directories with 7 updates

Protection4/azure-sdk-for-js #23

4.7.7 → 4.7.9 Patch PR
Closed 7 days ago 1 comment
Protection4
Bump the npm_and_yarn group across 2 directories with 11 updates

Dargon789/sequence.js #588

4.7.8 → 4.7.9 Patch PR
Open 8 days ago 5 comments
Dargon789
chore(deps): bump the npm_and_yarn group across 2 directories with 17 updates

Dargon789/web3.js #79

4.7.7 → 4.7.9 Patch PR
Closed 8 days ago 2 comments
Dargon789
build(deps): bump the npm_and_yarn group across 5 directories with 17 updates

alejandrocuba/angular #3

4.7.8 → 4.7.9 Patch PR
Closed 8 days ago 1 comment
alejandrocuba
Bump the npm_and_yarn group across 1 directory with 25 updates

fujimakis-sss/juice-shop #4

4.7.8 → 4.7.9 Patch PR
Closed 8 days ago 1 comment
fujimakis-sss
chore(deps): bump the npm_and_yarn group across 1 directory with 13 updates

Satelink-Protocol/Satelink_Network #63

4.7.7 → 4.7.9 Patch PR
Closed 10 days ago 3 comments
Satelink-Protocol
chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9

flowcord-dev/flowcord-core #27

4.7.8 → 4.7.9 Patch PR
Closed 10 days ago 1 comment
flowcord-dev
chore(deps): bump the npm_and_yarn group across 1 directory with 19 updates

atze1210/aa-sdk #277

4.7.8 → 4.7.9 Patch PR
Open 10 days ago 2 comments
atze1210
chore(deps): bump the npm_and_yarn group across 3 directories with 13 updates

alexis-opolka/standardnote-app #37

4.7.7 → 4.7.9 Patch PR
Closed 10 days ago 1 comment
alexis-opolka
chore(deps): bump the npm_and_yarn group across 4 directories with 22 updates

tabenius/dododo #8

4.7.7 → 4.7.9 Patch PR
Closed 10 days ago 1 comment
tabenius
deps(deps): bump the security-patches group across 3 directories with 18 updates

VeVarunSharma/contoso-vibe-engineering #317

4.7.8 → 4.7.9 Patch PR
Closed 10 days ago 5 comments
VeVarunSharma
chore(deps): bump the npm_and_yarn group across 2 directories with 20 updates

thirdweb-dev/engine #942

4.7.8 → 4.7.9 Patch PR
Open 10 days ago 2 comments
thirdweb-dev
chore(deps): bump the npm_and_yarn group across 3 directories with 31 updates

Reality2byte/metamask-mobile #766

4.7.8 → 4.7.9 Patch PR
Closed 11 days ago 1 comment
Reality2byte
chore(deps): bump the npm_and_yarn group across 2 directories with 17 updates

Dargon789/web3.js #76

4.7.7 → 4.7.9 Patch PR
Open 11 days ago 1 comment
Dargon789
Bump the npm_and_yarn group across 2 directories with 23 updates

dragonflycapital/gitpod #74

4.7.7 → 4.7.9 Patch PR
Closed 11 days ago 1 comment
dragonflycapital
chore(deps): bump the npm_and_yarn group across 1 directory with 23 updates

Rytass/Utils #202

4.7.8 → 4.7.9 Patch PR
Open 11 days ago 2 comments
Rytass
chore(deps): bump the npm_and_yarn group across 1 directory with 17 updates

Rytass/Utils #193

4.7.8 → 4.7.9 Patch PR
Closed 12 days ago 2 comments
Rytass
chore(deps)(deps): bump handlebars from 4.7.8 to 4.7.9

Mattlk13/nexus-ai-marketplace #32

4.7.8 → 4.7.9 Patch PR
Open 12 days ago 1 comment
Mattlk13
chore(deps): bump handlebars from 4.7.8 to 4.7.9

trganda/obsidian-attachment-management #210

4.7.8 → 4.7.9 Patch PR
Closed 13 days ago 2 comments
trganda
Bump handlebars from 4.7.8 to 4.7.9

balancer/balancer-deployments #400

4.7.8 → 4.7.9 Patch PR
Closed 13 days ago 1 comment
balancer
Bump the npm_and_yarn group across 1 directory with 26 updates

adrianwedd/Open-Assistant #1

4.7.7 → 4.7.9 Patch PR
Open 14 days ago 1 comment
adrianwedd
Bump the npm_and_yarn group across 16 directories with 21 updates

AKJUS/todomvc #27

4.7.8 → 4.7.9 Patch PR
Open 14 days ago 1 comment
AKJUS
build(deps): bump the npm_and_yarn group across 2 directories with 22 updates

JounQin/renovate #27

4.7.8 → 4.7.9 Patch PR
Open 14 days ago 2 comments
JounQin
chore(deps): bump the npm_and_yarn group across 2 directories with 16 updates

Dargon789/web3.js #75

4.7.7 → 4.7.9 Patch PR
Closed 14 days ago 2 comments
Dargon789
Bump the npm_and_yarn group across 2 directories with 20 updates

erikside/scaff #9

4.7.8 → 4.7.9 Patch PR
Closed 14 days ago 1 comment
erikside
Bump the npm_and_yarn group across 2 directories with 18 updates

BeulahPerry/scaffold-eth-2----scaffold-eth #54

4.7.8 → 4.7.9 Patch PR
Closed 14 days ago 1 comment
BeulahPerry
chore(deps): bump the npm_and_yarn group across 2 directories with 13 updates

mycodexvantaos/mycodexvantaos #21

4.7.8 → 4.7.9 Patch PR
Open 15 days ago 7 comments
mycodexvantaos
chore(deps): bump the npm_and_yarn group across 2 directories with 13 updates

mycodexvantaos/mycodexvantaos #20

4.7.8 → 4.7.9 Patch PR
Closed 15 days ago 2 comments
mycodexvantaos
chore(deps): bump the npm_and_yarn group across 7 directories with 13 updates

c6ai/snack #30

4.7.6 → 4.7.9 Patch PR
Closed 15 days ago 1 comment
c6ai
Bump the npm_and_yarn group across 9 directories with 20 updates

jcstein/next.js #12

4.7.6 → 4.7.9 Patch PR
Closed 15 days ago 1 comment
jcstein
chore: bump the npm_and_yarn group across 1 directory with 12 updates

deadlock-mod-manager/deadlock-mod-manager #467

4.7.8 → 4.7.9 Patch PR
Closed 15 days ago 3 comments
deadlock-mod-manager
chore(deps): bump the npm_and_yarn group across 1 directory with 10 updates

GlacierEQ/gpt-crawler #2

4.7.8 → 4.7.9 Patch PR
Open 16 days ago 2 comments
GlacierEQ
Bump the npm_and_yarn group across 2 directories with 15 updates

GlacierEQ/desktop-app #4

4.7.8 → 4.7.9 Patch PR
Open 16 days ago 2 comments
GlacierEQ
chore(deps): bump the npm_and_yarn group across 3 directories with 18 updates

alialobidm/lodestar #6

4.7.7 → 4.7.9 Patch PR
Open 16 days ago 1 comment
alialobidm
chore(deps): Bump the npm_and_yarn group across 4 directories with 8 updates

yu-iskw/n8n #17

4.7.8 → 4.7.9 Patch PR
Open 16 days ago 2 comments
yu-iskw
Package Details
Name: handlebars
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/handlebars
JSON API: View JSON
Security Advisories

18

Active advisories
CRITICAL 3
HIGH 10
MODERATE 4
LOW 1
View All npm Advisories
Package Information
Description:

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Repository: https://github.com/handlebars-lang/handlebars.js
Homepage: https://www.handlebarsjs.com/
Latest Release: 4.7.8
almost 3 years ago
Dependent Repos: 1,258,975
Dependent Packages: 15,556
Downloads: 80,916,646
Ranking: Top 0.0276% by dependent repos Top 0.0274% by downloads Top 0.0065% by dependent pkgs
PR Status
Open 1,143 (48.4%)
Merged 34 (1.4%)
Closed 1,142 (48.3%)
PR Types
Major 13 (0.6%)
Minor 611 (25.9%)
Patch 1,688 (71.4%)
Removal 3 (0.1%)