Lucene search
K

202 matches found

OSV
OSV
added 2026/06/04 8:57 p.m.9 views

ROOT-APP-NPM-NSWG-ECO-154 NSWG-ECO-154 in @rootio/sanitize-html - Patched by Root

Root has patched NSWG-ECO-154 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/04 8:57 p.m.4 views

ROOT-APP-NPM-CVE-2017-16016 CVE-2017-16016 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2017-16016 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

6.1CVSS5.4AI score0.01357EPSS
Exploits1
OSV
OSV
added 2026/06/04 8:57 p.m.5 views

ROOT-APP-NPM-CVE-2019-25225 CVE-2019-25225 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2019-25225 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

6.1CVSS5.4AI score0.00251EPSS
Exploits1
OSV
OSV
added 2026/06/04 8:57 p.m.3 views

ROOT-APP-NPM-CVE-2022-25887 CVE-2022-25887 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2022-25887 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.0115EPSS
Exploits0
OSV
OSV
added 2026/06/04 8:57 p.m.5 views

ROOT-APP-NPM-CVE-2016-1000237 CVE-2016-1000237 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2016-1000237 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

6.1CVSS5.4AI score0.0084EPSS
Exploits0
OSV
OSV
added 2026/06/04 8:57 p.m.8 views

ROOT-APP-NPM-CVE-2021-26540 CVE-2021-26540 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2021-26540 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.01754EPSS
Exploits1
OSV
OSV
added 2026/06/04 8:57 p.m.6 views

ROOT-APP-NPM-CVE-2021-26539 CVE-2021-26539 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2021-26539 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.01953EPSS
Exploits1
OSV
OSV
added 2026/06/04 8:57 p.m.5 views

ROOT-APP-NPM-CVE-2024-21501 CVE-2024-21501 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2024-21501 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.01018EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.25 views

PT-2026-49160

Root has patched NSWG-ECO-154 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

5.3AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/14 6:27 p.m.7 views

org.webjars.npm:github-com-daichirata-vue-sanitize (=0.2.2), org.webjars.npm:github-com-daichirata-vue-sanitize- (=0.2.2) potentially affected by CVE-2026-45011 via org.webjars.npm:sanitize-html (=2.7.0)

org.webjars.npm:sanitize-html MAVEN version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sanitize-html and may be impacted: - org.webjars.npm:github-com-daichirata-vue-sanitize =0.2.2 -...

7.3CVSS5.4AI score0.00211EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/14 6:27 p.m.9 views

@_sh/strapi-plugin-ckeditor (>=5.0.2 <=7.1.1), @a.agiir/cinny (>=0.0.1 <=0.0.2) +1249 more potentially affected by CVE-2026-45011 via sanitize-html (>=2.10.0 <=2.17.3)

sanitize-html NPM version =2.10.0, =5.0.2, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.8, =0.6.2-alpha.0, =0.7.3, =0.6.2-alpha.0, =0.6.2-alpha.0, =0.6.2-alpha.0, =0.8.21 and more Source cves: CVE-2026-45011 Source advisory: SNYK:JS-SANITIZEHTML-16759743...

7.3CVSS5.7AI score0.00211EPSS
Exploits0
Snyk
Snyk
added 2026/05/14 6:27 p.m.12 views

Improper Encoding or Escaping of Output

Overview sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the linkHref field handling. An...

7.3CVSS6.1AI score0.00211EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/14 6:26 p.m.6 views

@_sh/strapi-plugin-ckeditor (>=5.0.2 <=7.1.1), @a.agiir/cinny (>=0.0.1 <=0.0.2) +1249 more potentially affected by CVE-2026-44990 via sanitize-html (>=2.10.0 <=2.17.3)

sanitize-html NPM version =2.10.0, =5.0.2, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.8, =0.6.2-alpha.0, =0.7.3, =0.6.2-alpha.0, =0.6.2-alpha.0, =0.6.2-alpha.0, =0.8.21 and more Source cves: CVE-2026-44990 Source advisory: SNYK:JS-SANITIZEHTML-16697325...

9.3CVSS5.7AI score0.00397EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/14 6:26 p.m.9 views

org.webjars.npm:github-com-daichirata-vue-sanitize (=0.2.2), org.webjars.npm:github-com-daichirata-vue-sanitize- (=0.2.2) potentially affected by CVE-2026-44990 via org.webjars.npm:sanitize-html (=2.7.0)

org.webjars.npm:sanitize-html MAVEN version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sanitize-html and may be impacted: - org.webjars.npm:github-com-daichirata-vue-sanitize =0.2.2 -...

9.3CVSS5.8AI score0.00397EPSS
Exploits0
Patchstack
Patchstack
added 2026/05/14 6:26 p.m.10 views

NPM: Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

NPM: Apostrophe has default XSS via xmp raw-text passthrough in sanitize-html vulnerability discovered by ? in WordPress Npm sanitize-html versions 2.17.3...

5.8AI score0.00397EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/14 6:26 p.m.7 views

GHSA-RPR9-RXV7-X643 Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

Summary Under the default configuration, sanitize-html can turn attacker-controlled content inside a disallowed xmp element into live HTML or JavaScript. This is a sanitizer bypass in the default disallowedTagsMode: 'discard' path and can lead to stored XSS in applications that render sanitized...

9.3CVSS6AI score0.00397EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/14 6:26 p.m.21 views

Cross-site Scripting (XSS)

Overview sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Cross-site Scripting XSS via the xmp raw-text passthrough. An attacker can...

6.1CVSS5.8AI score0.00397EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 6:26 p.m.39 views

Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

Summary Under the default configuration, sanitize-html can turn attacker-controlled content inside a disallowed xmp element into live HTML or JavaScript. This is a sanitizer bypass in the default disallowedTagsMode: 'discard' path and can lead to stored XSS in applications that render sanitized...

9.3CVSS6AI score0.00397EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.18 views

PT-2026-41152

Name of the Vulnerable Software and Affected Versions sanitize-html version 2.17.3 Description A sanitizer bypass exists in the default configuration where the disallowedTagsMode: 'discard' path fails to properly handle the xmp element. Because xmp is not included in the nonTextTags list, its...

9.3CVSS5.7AI score0.00397EPSS
Exploits0References9
OSV
OSV
added 2026/04/16 9:8 p.m.9 views

GHSA-9MRH-V2V3-XPFM sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements

Summary Commit 49d0bb7 introduced a regression in sanitize-html that bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option. Entity-encoded HTML inside these elements passes through the sanitizer as decoded, unescaped HTML, allowing injection of arbitrary...

6.1CVSS6.1AI score0.00235EPSS
Exploits1References4
Rows per page
Query Builder