VulnerableCode Package Details - pkg:nuget/jquery@3.4.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-5618-53yg-8qh4 Aliases: CVE-2020-11022 GHSA-gxr4-xjj5-5px2	Potential XSS vulnerability in jQuery ### Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patches This problem is patched in jQuery 3.5.0. ### Workarounds To workaround the issue without upgrading, adding the following to your code: ```js jQuery.htmlPrefilter = function( html ) { return html; }; ``` You need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround. ### References https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://jquery.com/upgrade-guide/3.5/ ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.	3.5.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5618-53yg-8qh4
Aliases:
CVE-2020-11022
GHSA-gxr4-xjj5-5px2

Potential XSS vulnerability in jQuery ### Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patches This problem is patched in jQuery 3.5.0. ### Workarounds To workaround the issue without upgrading, adding the following to your code: ```js jQuery.htmlPrefilter = function( html ) { return html; }; ``` You need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround. ### References https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://jquery.com/upgrade-guide/3.5/ ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.

3.5.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-yjt6-bhfr-u3aj	Duplicate Advisory: Prototype Pollution in jquery ## Duplicate Advisory This advisory is a duplicate of [GHSA-6c3j-c64m-qhgq](https://github.com/advisories/GHSA-6c3j-c64m-qhgq). This link is maintained to preserve external references. ## Original Description Versions of `jquery` prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype for `Object` causing changes in properties that will exist on all objects. ## Recommendation Upgrade to version 3.4.0 or later.	CVE-2019-5428 GHSA-wv67-q8rr-grjp

Vulnerability

Summary

Aliases

VCID-yjt6-bhfr-u3aj

Duplicate Advisory: Prototype Pollution in jquery ## Duplicate Advisory This advisory is a duplicate of [GHSA-6c3j-c64m-qhgq](https://github.com/advisories/GHSA-6c3j-c64m-qhgq). This link is maintained to preserve external references. ## Original Description Versions of `jquery` prior to 3.4.0 are vulnerable to Prototype Pollution. The extend() method allows an attacker to modify the prototype for `Object` causing changes in properties that will exist on all objects. ## Recommendation Upgrade to version 3.4.0 or later.

CVE-2019-5428
GHSA-wv67-q8rr-grjp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T01:32:28.270606+00:00	GHSA Importer	Affected by	VCID-5618-53yg-8qh4	https://github.com/advisories/GHSA-gxr4-xjj5-5px2	38.4.0
2026-04-11T13:01:49.137628+00:00	GHSA Importer	Affected by	VCID-5618-53yg-8qh4	https://github.com/advisories/GHSA-gxr4-xjj5-5px2	38.3.0
2026-04-02T13:53:48.468225+00:00	GHSA Importer	Affected by	VCID-5618-53yg-8qh4	https://github.com/advisories/GHSA-gxr4-xjj5-5px2	38.1.0
2026-04-01T15:57:26.382423+00:00	GHSA Importer	Fixing	VCID-yjt6-bhfr-u3aj	https://github.com/advisories/GHSA-wv67-q8rr-grjp	38.0.0
2026-04-01T13:04:10.878487+00:00	GithubOSV Importer	Fixing	VCID-yjt6-bhfr-u3aj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-wv67-q8rr-grjp/GHSA-wv67-q8rr-grjp.json	38.0.0