npm/dompurify — 13 CVEs

CRITICAL10.0CVE-2024-47875node-dompurify - security update

from 0, < 2.5.0

CRITICAL9.1CVE-2024-48910DOMPurify vulnerable to tampering by prototype polution

from 0, < 2.4.2

HIGH8.2CVE-2026-47423DOMPurify XSS via selectedcontent re-clone

>= 3.4.4, < 3.4.5

HIGH7.0DOMPurify allows tampering by prototype pollution

from 0, < 2.5.4

MEDIUM6.9DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback

>= 3.0.1, < 3.4.0

MEDIUM6.8DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode

>= 1.0.10, < 3.4.0

MEDIUM6.1DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)

from 0, < 3.4.0

MEDIUM6.1DOMPurify contains a Cross-site Scripting vulnerability

>= 3.1.3, < 3.3.2

MEDIUM6.1DOMPurify contains a Cross-site Scripting vulnerability

>= 3.1.3, < 3.2.7

MEDIUM6.1DOMPurify Open Redirect vulnerability

from 0, < 1.0.11

MEDIUM6.1Cross-site Scripting in dompurify

from 0, < 2.0.17

MEDIUM6.1dompurify.js - security update

from 0, < 2.0.3

MEDIUM4.5DOMPurify allows Cross-site Scripting (XSS)

from 0, < 3.2.4

pkg:npm/dompurify