Does RequestGuard fix vulnerabilities in ejs?

No. RequestGuard does not fix npm package vulnerabilities. Use package updates, patches, lockfile changes, and maintainer guidance for dependency remediation.

What does RequestGuard help with while a dependency is being remediated?

RequestGuard helps mitigate runtime abuse against exposed signup, checkout, login, form, and API flows with allow, challenge, review, and block decisions.

Does no OSV advisory mean the package is safe?

No. Missing OSV advisories only means no known advisory was returned by that source at the time checked. Continue auditing and monitoring dependencies.

npm vulnerability intelligence

ejs NPM Package
Vulnerability Check

Embedded JavaScript templates

Critical Apache-2.0 v6.0.1

Vulnerability Analysis OSV Live

ejs

v6.0.1 · Apache-2.0 · 33,330,600 dl/wk

Advisory Breakdown

Critical 2

High 1

Moderate 2

Low 0

Severity Rating

Critical

5 advisories

Critical

Weekly downloads

33,330,600

Total advisories

Latest version

6.0.1

License

Apache-2.0

Advisories Package Info Runtime

Known advisories

OSV records for the npm ecosystem

GHSA-3w5v-p54c-f74x CVE-2017-1000228 critical

ejs is vulnerable to remote code execution due to weak input validation

Affected: >=0 <2.5.5 Fixed in: 2.5.5 Updated Nov 8, 2023

View source

GHSA-6x77-rpqf-j6mw CVE-2017-1000189 high

ejs vulnerable to DoS due to weak input validation

Affected: >=0 <2.5.5 Fixed in: 2.5.5 Updated Nov 8, 2023

View source

GHSA-ghr5-ch3p-vcr6 CVE-2024-33883 moderate

ejs lacks certain pollution protection

Affected: >=0 <3.1.10 Fixed in: 3.1.10 Updated Feb 4, 2026

View source

GHSA-hwcf-pp87-7x6p CVE-2017-1000188 moderate

mde ejs vulnerable to XSS

Affected: >=0 <2.5.5 Fixed in: 2.5.5 Updated Nov 8, 2023

View source

GHSA-phwq-j96m-2c2q CVE-2022-29078 critical

ejs template injection vulnerability

Affected: >=0 <3.1.7 Fixed in: 3.1.7 Updated Nov 8, 2023

View source

Checked Jun 12, 2026, 5:18 PM from npm and OSV.dev

Package metadata

From the npm registry

Package name: ejs
Ecosystem: npm
Latest version: 6.0.1
License: Apache-2.0
Weekly downloads: 33,330,600
Repository: Open repository

Remediation boundary

What RequestGuard does — and doesn't — cover

RequestGuard does not fix npm package vulnerabilities. Dependency remediation happens through package updates, patches, lockfile changes, and maintainer guidance. RequestGuard can help mitigate runtime abuse around exposed web and API flows while remediation is handled separately.

Signup flows

API traffic

Protect runtime flows →

Allow, challenge, review, and block decisions for exposed endpoints.

Data from npm registry and OSV.dev · Checked 6/12/2026, 5:18:08 PM

Lookups

Domain Radar

Email Risk

Traffic Abuse

Lookups

Domain Radar

Email Risk

Traffic Abuse

ejs NPM Package
Vulnerability Check

Known advisories

Package metadata

Remediation boundary

Lookups

Domain Radar

Email Risk

Traffic Abuse

ejs NPM PackageVulnerability Check

Known advisories

Package metadata

Remediation boundary

ejs NPM Package
Vulnerability Check