pkg:npm/dompurify

13 total CVEsCRITICAL2HIGH2MEDIUM9

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2024-47875DOMpurify has a nesting-based mXSS
    from 0, < 2.5.0
  • CRITICAL9.1CVE-2024-48910DOMPurify vulnerable to tampering by prototype polution
    from 0, < 2.4.2
  • HIGH8.2CVE-2026-47423DOMPurify XSS via selectedcontent re-clone
    >= 3.4.4, < 3.4.5
  • HIGH7.0CVE-2024-45801DOMPurify allows tampering by prototype pollution
    from 0, < 2.5.4
  • MEDIUM6.9CVE-2026-41238DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback
    >= 3.0.1, < 3.4.0
  • MEDIUM6.8CVE-2026-41239DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode
    >= 1.0.10, < 3.4.0
  • MEDIUM6.1CVE-2026-41240DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
    from 0, < 3.4.0
  • MEDIUM6.1CVE-2026-0540DOMPurify contains a Cross-site Scripting vulnerability
    >= 3.1.3, < 3.3.2
  • MEDIUM6.1CVE-2025-15599DOMPurify contains a Cross-site Scripting vulnerability
    >= 3.1.3, < 3.2.7
  • MEDIUM6.1CVE-2019-25155DOMPurify Open Redirect vulnerability
    from 0, < 1.0.11
  • MEDIUM6.1CVE-2020-26870Cross-site Scripting in dompurify
    from 0, < 2.0.17
  • MEDIUM6.1CVE-2019-16728dompurify.js - security update
    from 0, < 2.0.3
  • MEDIUM4.5CVE-2025-26791DOMPurify allows Cross-site Scripting (XSS)
    from 0, < 3.2.4