| purl | pkg:npm/html-janitor@2.0.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-81f7-93qc-gqbf; Aliases: GMS-2017-329 | Sanitization bypassing leading to XSS. Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function. | There are no reported fixed by versions. |
| VCID-hqpc-pjzk-qubh; Aliases: CVE-2017-0931, GHSA-hfj4-96f7-6r5g | html-janitor passing user-controlled data to clean() leads to XSS. Passing user-controlled data to the module's clean() function can result in arbitrary JS execution, because of unsafe DOM operations. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-m8wu-u1mt-cfdp; Aliases: CVE-2017-0928, GHSA-fx46-whrj-73v5 | html-janitor bypassing sanitization using DOM clobbering. Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function. | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T23:16:15.403369+00:00 | GHSA Importer | Affected by | VCID-hqpc-pjzk-qubh | https://github.com/advisories/GHSA-hfj4-96f7-6r5g | 38.6.0 |
| 2026-06-06T23:11:35.263071+00:00 | GHSA Importer | Affected by | VCID-m8wu-u1mt-cfdp | https://github.com/advisories/GHSA-fx46-whrj-73v5 | 38.6.0 |
| 2026-06-04T20:10:06.734714+00:00 | GitLab Importer | Affected by | VCID-81f7-93qc-gqbf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/html-janitor/GMS-2017-329.yml | 38.6.0 |