2c2p-integration (>=0.2.0 <=0.2.2), 2d-game-assets (=0.0.1) +5992 more potentially affected by CVE-2026-41674 via @xmldom/xmldom (>=0.7.0 <=0.8.12)

@xmldom/xmldom NPM version =0.7.0, =0.2.0, =1.0.8, =0.1.3, =0.0.7, =0.3.31, =0.1.3, =1.0.4, =1.0.5 and more Source cves: CVE-2026-41674 Source advisory: SNYK:JS-XMLDOMXMLDOM-16134549...

08cms (=1.0.0), 0uth (>=1.0.5 <=1.2.1) +13068 more potentially affected by CVE-2026-41675 via xmldom (>=0.1.11 <=0.6.0)

xmldom NPM version =0.1.11, =1.0.5, =1.0.0, =1.0.0, =1.7.3, =0.1.0, =0.0.2, =0.0.1, =1.0.2, =1.0.3, =1.0.23, =1.0.1, =1.3.1 and more Source cves: CVE-2026-41675 Source advisory: OSV:GHSA-X6WF-F3PX-WCQX...

2c2p-integration (>=0.2.0 <=0.2.2), 4help-shared (>=1.0.8 <=1.0.15) +4128 more potentially affected by CVE-2026-34601 via @xmldom/xmldom (>=0.7.0 <=0.8.11)

@xmldom/xmldom NPM version =0.7.0, =0.2.0, =1.0.8, =0.1.3, =0.0.7, =0.3.31, =1.0.4, =1.0.0, =2.1.0-develop-2ff6c7-mckmjkzz, =2.1.0-renovate-fdebc6-mhg3djx8 - @abcd19/st-grid =3.1.0 - @abdullahceylan/expo-cli =0.2.6 and more Source cves: CVE-2026-34601 Source advisory: SNYK:JS-XMLDOMXMLDOM-1586963...

Misinterpretation of malicious XML input

Impact xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to 0.5...