Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/prismjs@1.24.0
purl pkg:npm/prismjs@1.24.0
Next non-vulnerable version 1.30.0
Latest non-vulnerable version 1.30.0
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-7hga-phsb-1kep
Aliases:
CVE-2022-23647
GHSA-3949-f494-cm99
Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.
1.27.0
Affected by 1 other vulnerability.
VCID-cvqb-p5f4-7fax
Aliases:
CVE-2021-3801
GHSA-hqhp-5p83-hx96
prism is vulnerable to Inefficient Regular Expression Complexity
1.25.0
Affected by 2 other vulnerabilities.
VCID-qve7-xnn5-g7as
Aliases:
CVE-2024-53382
GHSA-x7hr-w5r2-h6wg
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
1.30.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-qgsq-pu42-6bg6 CVE-2021-32723
GHSA-gj77-59wh-66hg

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T06:23:44.590221+00:00 GHSA Importer Fixing VCID-qgsq-pu42-6bg6 https://github.com/advisories/GHSA-gj77-59wh-66hg 38.6.0
2026-06-12T19:53:55.170984+00:00 GitLab Importer Affected by VCID-qve7-xnn5-g7as https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/prismjs/CVE-2024-53382.yml 38.6.0
2026-06-12T18:00:13.485735+00:00 GitLab Importer Affected by VCID-7hga-phsb-1kep https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/prismjs/CVE-2022-23647.yml 38.6.0
2026-06-12T17:48:03.110610+00:00 GitLab Importer Affected by VCID-cvqb-p5f4-7fax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/prismjs/CVE-2021-3801.yml 38.6.0
2026-06-12T17:43:38.472969+00:00 GitLab Importer Fixing VCID-qgsq-pu42-6bg6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/prismjs/CVE-2021-32723.yml 38.6.0
2026-06-12T08:06:03.730073+00:00 GithubOSV Importer Fixing VCID-qgsq-pu42-6bg6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-gj77-59wh-66hg/GHSA-gj77-59wh-66hg.json 38.6.0