mjmlio/mjml

Releases150

Frequency3 weeks 4 days

Last Release 8 days ago

Stars18.1K

MJML: the only framework that makes responsive-email easy

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-67898 ↗	Dec 14, 2025Sunday, 14 December 2025, 22:15	4.5 MEDIUM	—
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
CVE-2020-12827 ↗	Jun 17, 2020Wednesday, 17 June 2020, 14:15	7.2 HIGH	6.4 MEDIUM
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.