npm/xmldom — 9 CVEs

CRITICAL9.8CVE-2022-39353xmldom allows multiple root nodes in a DOM

from 0, <= 0.6.0

CRITICAL9.8CVE-2022-37616Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom

from 0, <= 0.6.0

HIGH7.5CVE-2026-34601xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

from 0, <= 0.6.0

MEDIUM6.5Misinterpretation of malicious XML input

from 0, <= 0.6.0

MEDIUM4.3Misinterpretation of malicious XML input

from 0, < 0.5.0

—xmldom: Uncontrolled recursion in XML serialization leads to DoS

from 0, <= 0.6.0

—xmldom has XML injection through unvalidated DocumentType serialization

from 0, <= 0.6.0

—xmldom has XML node injection through unvalidated processing instruction serialization

from 0, <= 0.6.0

—xmldom has XML node injection through unvalidated comment serialization

from 0, <= 0.6.0

pkg:npm/xmldom

✅ Check your installed version

All known vulnerabilities