VulnerableCode Package Details - pkg:npm/html-janitor@2.0.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-81f7-93qc-gqbf Aliases: GMS-2017-329	Sanitization bypassing leading to XSS Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function.	There are no reported fixed by versions.
VCID-hqpc-pjzk-qubh Aliases: CVE-2017-0931 GHSA-hfj4-96f7-6r5g	html-janitor passing user-controlled data to clean() leads to XSS Passing user-controlled data to the module's clean() function can result in arbitrary JS execution, because of unsafe DOM operations.	2.0.3 Affected by 0 other vulnerabilities. 2.0.4 Affected by 0 other vulnerabilities.
VCID-m8wu-u1mt-cfdp Aliases: CVE-2017-0928 GHSA-fx46-whrj-73v5	html-janitor bypassing sanitization using DOM clobbering Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function.	2.0.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-81f7-93qc-gqbf
Aliases:
GMS-2017-329

Sanitization bypassing leading to XSS Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function.

There are no reported fixed by versions.

VCID-hqpc-pjzk-qubh
Aliases:
CVE-2017-0931
GHSA-hfj4-96f7-6r5g

html-janitor passing user-controlled data to clean() leads to XSS Passing user-controlled data to the module's clean() function can result in arbitrary JS execution, because of unsafe DOM operations.

2.0.3
Affected by 0 other vulnerabilities.

2.0.4
Affected by 0 other vulnerabilities.

VCID-m8wu-u1mt-cfdp
Aliases:
CVE-2017-0928
GHSA-fx46-whrj-73v5

html-janitor bypassing sanitization using DOM clobbering Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function.

2.0.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T23:16:15.413613+00:00	GHSA Importer	Affected by	VCID-hqpc-pjzk-qubh	https://github.com/advisories/GHSA-hfj4-96f7-6r5g	38.6.0
2026-06-06T23:11:35.272678+00:00	GHSA Importer	Affected by	VCID-m8wu-u1mt-cfdp	https://github.com/advisories/GHSA-fx46-whrj-73v5	38.6.0
2026-06-04T20:10:06.737894+00:00	GitLab Importer	Affected by	VCID-81f7-93qc-gqbf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/html-janitor/GMS-2017-329.yml	38.6.0
2026-06-02T04:37:46.244358+00:00	GitLab Importer	Affected by	VCID-hqpc-pjzk-qubh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/html-janitor/CVE-2017-0931.yml	38.6.0
2026-06-02T04:37:45.717269+00:00	GitLab Importer	Affected by	VCID-m8wu-u1mt-cfdp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/html-janitor/CVE-2017-0928.yml	38.6.0
2026-06-02T03:45:04.106199+00:00	Npm Importer	Affected by	VCID-m8wu-u1mt-cfdp	https://github.com/nodejs/security-wg/blob/main/vuln/npm/365.json	38.6.0
2026-06-02T03:45:04.045719+00:00	Npm Importer	Affected by	VCID-hqpc-pjzk-qubh	https://github.com/nodejs/security-wg/blob/main/vuln/npm/366.json	38.6.0