Advisories for Npm/Jsrender package

If JsRender is used with server-delivered client-side templates that dynamically embed end-user input, then it is possible for a malicious user to execute arbitrary client-side code via use of a very specific expression.