VulnerableCode Package Details - pkg:composer/athlon1600/youtube-downloader@2.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-5618-53yg-8qh4 Aliases: CVE-2020-11022 GHSA-gxr4-xjj5-5px2	Potential XSS vulnerability in jQuery ### Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patches This problem is patched in jQuery 3.5.0. ### Workarounds To workaround the issue without upgrading, adding the following to your code: ```js jQuery.htmlPrefilter = function( html ) { return html; }; ``` You need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround. ### References https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://jquery.com/upgrade-guide/3.5/ ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-5618-53yg-8qh4
Aliases:
CVE-2020-11022
GHSA-gxr4-xjj5-5px2

Potential XSS vulnerability in jQuery ### Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patches This problem is patched in jQuery 3.5.0. ### Workarounds To workaround the issue without upgrading, adding the following to your code: ```js jQuery.htmlPrefilter = function( html ) { return html; }; ``` You need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround. ### References https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://jquery.com/upgrade-guide/3.5/ ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-01T14:21:32.812510+00:00	GHSA Importer	Affected by	VCID-5618-53yg-8qh4	https://github.com/advisories/GHSA-gxr4-xjj5-5px2	38.6.0
2026-04-29T19:40:20.254394+00:00	GitLab Importer	Affected by	VCID-5618-53yg-8qh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/athlon1600/youtube-downloader/CVE-2020-11022.yml	38.5.0
2026-04-16T21:02:56.186701+00:00	GitLab Importer	Affected by	VCID-5618-53yg-8qh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/athlon1600/youtube-downloader/CVE-2020-11022.yml	38.4.0
2026-04-16T01:32:28.457216+00:00	GHSA Importer	Affected by	VCID-5618-53yg-8qh4	https://github.com/advisories/GHSA-gxr4-xjj5-5px2	38.4.0
2026-04-11T22:14:19.250019+00:00	GitLab Importer	Affected by	VCID-5618-53yg-8qh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/athlon1600/youtube-downloader/CVE-2020-11022.yml	38.3.0
2026-04-11T13:01:49.323007+00:00	GHSA Importer	Affected by	VCID-5618-53yg-8qh4	https://github.com/advisories/GHSA-gxr4-xjj5-5px2	38.3.0
2026-04-02T22:26:39.571279+00:00	GitLab Importer	Affected by	VCID-5618-53yg-8qh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/athlon1600/youtube-downloader/CVE-2020-11022.yml	38.1.0
2026-04-02T13:53:48.630717+00:00	GHSA Importer	Affected by	VCID-5618-53yg-8qh4	https://github.com/advisories/GHSA-gxr4-xjj5-5px2	38.1.0
2026-04-01T16:44:35.518141+00:00	GitLab Importer	Affected by	VCID-5618-53yg-8qh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/athlon1600/youtube-downloader/CVE-2020-11022.yml	38.0.0