pkg:Debian/node-dompurify

11 total CVEsCRITICAL3HIGH2MEDIUM6

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2024-47875DOMpurify has a nesting-based mXSS
    from 0, < 2.4.1+dfsg+~2.4.0-2
  • CRITICAL10.0CVE-2024-47875DOMpurify has a nesting-based mXSS
    from 0, < 2.4.1+dfsg+~2.4.0-2
  • CRITICAL9.1CVE-2024-48910DOMPurify vulnerable to tampering by prototype polution
    from 0, < 2.4.1+dfsg+~2.4.0-2+deb12u1
  • HIGH7.5CVE-2025-48050In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory.
    from 0
  • HIGH7.0CVE-2024-45801DOMPurify allows tampering by prototype pollution
    from 0, < 2.4.1+dfsg+~2.4.0-2+deb12u1
  • MEDIUM6.9CVE-2026-41238DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback
    from 0
  • MEDIUM6.8CVE-2026-41239DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode
    from 0
  • MEDIUM6.1CVE-2026-41240DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
    from 0
  • MEDIUM6.1CVE-2026-0540DOMPurify contains a Cross-site Scripting vulnerability
    from 0
  • MEDIUM6.1CVE-2025-15599DOMPurify contains a Cross-site Scripting vulnerability
    from 0
  • MEDIUM4.5CVE-2025-26791DOMPurify allows Cross-site Scripting (XSS)
    from 0