VulnerableCode Package Details - pkg:deb/debian/node-dompurify@2.4.1%2Bdfsg%2B~2.4.0-2?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/node-dompurify@2.4.1%2Bdfsg%2B~2.4.0-2?distro=trixie

purl	pkg:deb/debian/node-dompurify@2.4.1%2Bdfsg%2B~2.4.0-2?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-mebp-4rfu-vqcq	DOMpurify has a nesting-based mXSS DOMpurify was vulnerable to nesting-based mXSS fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and [merge 943](https://github.com/cure53/DOMPurify/pull/943) Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking POC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)	CVE-2024-47875 GHSA-gx9m-whjm-85jf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:29:51.587695+00:00	Debian Importer	Fixing	VCID-mebp-4rfu-vqcq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T18:20:03.397918+00:00	Debian Importer	Fixing	VCID-mebp-4rfu-vqcq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:06.736272+00:00	Debian Importer	Fixing	VCID-mebp-4rfu-vqcq	https://security-tracker.debian.org/tracker/data/json	38.1.0