pkg:npm/express-xss-sanitizer

3 total CVEsHIGH1MEDIUM1

✅ Check your installed version

All known vulnerabilities

  • HIGH8.2CVE-2026-33979Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)
    from 0, < 2.0.2
  • MEDIUM6.1CVE-2022-21169express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute
    from 0, < 1.1.3
  • CVE-2025-59364express-xss-sanitizer has an unbounded recursion depth
    from 0, < 2.0.1