Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

harttle — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting harttle. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Harttle develops web development tools and platforms, with a core focus on enhancing developer productivity through integrated environments. Historically, its products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from input validation flaws and improper access controls. The project maintains a moderate security posture with seven CVEs recorded, primarily addressing authentication bypasses and insecure default configurations. While no major security incidents have been widely documented, the consistent occurrence of injection-based vulnerabilities suggests ongoing challenges in secure coding practices, particularly in handling user-supplied data within its development frameworks.

Top products by harttle: liquidjs
CVE IDTitleCVSSSeverityPublished
CVE-2026-41311 LiquidJS is vulnerable to Denial of Service via circular block reference in layout — liquidjsCWE-674 7.5 High2026-05-09
CVE-2026-39859 LiquidJS has a renderFile() / parseFile() bypass configured root and allow arbitrary file read — liquidjsCWE-22 4.9AIMediumAI2026-04-08
CVE-2026-39412 LiquidJS has an ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel — liquidjsCWE-200 5.3 Medium2026-04-08
CVE-2026-35525 LiquidJS has a root restriction bypass for partial and layout loading through symlinked templates — liquidjsCWE-61 7.5AIHighAI2026-04-08
CVE-2026-34166 LiquidJS has a Memory Limit Bypass via Quadratic Amplification in `replace` Filter — liquidjsCWE-400 3.7 Low2026-04-08
CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash — liquidjsCWE-20 7.5 High2026-03-26
CVE-2026-33287 LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern — liquidjsCWE-20 7.5 High2026-03-26
CVE-2026-30952 liquidjs has a path traversal fallback vulnerability — liquidjsCWE-22 8.1AIHighAI2026-03-10

This page lists every published CVE security advisory associated with harttle. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.