Package details: pkg:npm/%40braintree/sanitize-url@3.0.0
purl pkg:npm/%40braintree/sanitize-url@3.0.0
Next non-vulnerable version 6.0.2
Latest non-vulnerable version 6.0.2
Risk 3.1
Vulnerabilities affecting this package (2)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-dc7t-x6q7-uud3 (aliases: CVE-2022-48345, GHSA-q8gg-vj6m-hgmj) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. | 6.0.1 (affected by 1 other vulnerability); 6.0.2 (affected by 0 other vulnerabilities) |
| VCID-x4cs-g2jz-eqb5 (aliases: CVE-2021-23648, GHSA-hqq7-2q2v-82xq) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. | 6.0.0 (affected by 1 other vulnerability) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-16T22:22:48.440935+00:00 | GitLab Importer | Affected by | VCID-dc7t-x6q7-uud3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@braintree/sanitize-url/CVE-2022-48345.yml | 38.4.0 |
| 2026-04-16T21:42:57.898476+00:00 | GitLab Importer | Affected by | VCID-x4cs-g2jz-eqb5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@braintree/sanitize-url/CVE-2021-23648.yml | 38.4.0 |
| 2026-04-11T23:40:57.528292+00:00 | GitLab Importer | Affected by | VCID-dc7t-x6q7-uud3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@braintree/sanitize-url/CVE-2022-48345.yml | 38.3.0 |
| 2026-04-11T22:58:30.373192+00:00 | GitLab Importer | Affected by | VCID-x4cs-g2jz-eqb5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@braintree/sanitize-url/CVE-2021-23648.yml | 38.3.0 |
| 2026-04-02T23:44:58.640962+00:00 | GitLab Importer | Affected by | VCID-dc7t-x6q7-uud3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@braintree/sanitize-url/CVE-2022-48345.yml | 38.1.0 |
| 2026-04-02T23:07:18.281851+00:00 | GitLab Importer | Affected by | VCID-x4cs-g2jz-eqb5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@braintree/sanitize-url/CVE-2021-23648.yml | 38.1.0 |
| 2026-04-01T18:08:01.775630+00:00 | GitLab Importer | Affected by | VCID-dc7t-x6q7-uud3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@braintree/sanitize-url/CVE-2022-48345.yml | 38.0.0 |
| 2026-04-01T17:26:37.108467+00:00 | GitLab Importer | Affected by | VCID-x4cs-g2jz-eqb5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@braintree/sanitize-url/CVE-2021-23648.yml | 38.0.0 |