This page lists publicly disclosed CVE vulnerabilities affecting mjml mjml (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-67898 | MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827. | [email protected] | 4.5 | 0.20% | 2025-12-14 | 2026-06-17 |
| CVE-2020-12827 | MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | [email protected] | 7.2 | 2.66% | 2020-06-17 | 2026-06-16 |