npm/sanitize-html — 10 CVEs · VulnScope
pkg:npm/sanitize-html
10 total CVEs
CRITICAL: 1 · HIGH: 1 · MEDIUM: 7
All known vulnerabilities
| Severity | CVSS | CVE | Title | Affected versions |
|---|---|---|---|---|
| CRITICAL | 9.3 | CVE-2026-44990 | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` | >= 2.17.3, < 2.17.4 |
| HIGH | 7.5 | CVE-2022-25887 | Sanitize-html Vulnerable To REDoS Attacks | from 0, < 2.7.1 |
| MEDIUM | 6.1 | CVE-2026-40186 | sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements | >= 2.17.2, < 2.17.3 |
| MEDIUM | 6.1 | CVE-2019-25225 | sanitize-html is vulnerable to XSS through incomprehensive sanitization | from 0, < 2.0.0-beta |
| MEDIUM | 6.1 | CVE-2016-1000237 | Cross-Site Scripting in sanitize-html | from 0, < 1.4.3 |
| MEDIUM | 6.1 | CVE-2017-16017 | Cross-Site Scripting in sanitize-html | from 0, < 1.2.3 |
| MEDIUM | 5.3 | CVE-2024-21501 | sanitize-html Information Exposure vulnerability | from 0, < 2.12.1 |
| MEDIUM | 5.3 | CVE-2021-26540 | Improper Input Validation in sanitize-html | from 0, < 2.3.2 |
| MEDIUM | 5.3 | CVE-2021-26539 | Improper Input Validation in sanitize-html | from 0, < 2.3.1 |
| — | | CVE-2017-16016 | Cross-Site Scripting in sanitize-html | from 0, < 1.11.4 |