ROOT-APP-NPM-CVE-2026-41672 CVE-2026-41672 in @rootio/xmldom__xmldom - Patched by Root

Root has patched CVE-2026-41672 in the @rootio/xmldomxmldom package for Root:npm. Multiple fixed versions available...

CVE-2026-41675

CVE-2026-41675 affects the xmldom/xmldom package. The vulnerability stems from attacker-controlled processing instruction data being serialized without validating or neutralizing the PI-closing sequence ?>, allowing injection of arbitrary XML nodes into the serialized output. Affected versions...

Linux Distros Unpatched Vulnerability : CVE-2026-41674

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 an...

CVE-2026-41675

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

Uncontrolled Recursion

Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to Uncontrolled Recursion in the recursive processing of deeply nested XML documents by several DOM-related operations, including...

Uncontrolled Recursion

Overview @xmldom/xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom Affected versions of this package are vulnerable to Uncontrolled...

XML Injection

Overview @xmldom/xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom Affected versions of this package are vulnerable to XML Injection du...

XML Injection

Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection due to unvalidated comment serialization. When an application uses the package to create an XML comment from...

Linux Distros Unpatched Vulnerability : CVE-2026-34601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom...

EUVD-2022-7067

Malicious code in bioql PyPI...

CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

DEBIAN-CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

Sql injection

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...