pkg:npm/@xmldom/xmldom

8 total CVEsCRITICAL2HIGH1MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2022-39353xmldom allows multiple root nodes in a DOM
    from 0, < 0.7.7
  • CRITICAL9.8CVE-2022-37616Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom
    >= 0.8.0, < 0.8.3
  • HIGH7.5CVE-2026-34601xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
    from 0, < 0.8.12
  • MEDIUM6.5CVE-2021-32796Misinterpretation of malicious XML input
    from 0, < 0.7.0
  • CVE-2026-41673xmldom: Uncontrolled recursion in XML serialization leads to DoS
    from 0, < 0.8.13
  • CVE-2026-41674xmldom has XML injection through unvalidated DocumentType serialization
    from 0, < 0.8.13
  • CVE-2026-41675xmldom has XML node injection through unvalidated processing instruction serialization
    from 0, < 0.8.13
  • CVE-2026-41672xmldom has XML node injection through unvalidated comment serialization
    from 0, < 0.8.13