{"url":"http://public2.vulnerablecode.io/api/packages/371336?format=json","purl":"pkg:npm/html-janitor@2.0.2","type":"npm","namespace":"","name":"html-janitor","version":"2.0.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.0.4","latest_non_vulnerable_version":"2.0.4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362246?format=json","vulnerability_id":"VCID-4ubh-bt16-9kg9","summary":"Sanitization bypassing leading to XSS\nArbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function.","references":[],"fixed_packages":[],"aliases":["GMS-2017-329"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ubh-bt16-9kg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201037?format=json","vulnerability_id":"VCID-teqj-k27c-s3e7","summary":"Bypassing Sanitization using DOM clobbering in html-janitor","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0928","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40219","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0928"},{"reference_url":"https://github.com/guardian/html-janitor/issues/35","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guardian/html-janitor/issues/35"},{"reference_url":"https://hackerone.com/reports/308158","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/308158"},{"reference_url":"https://www.npmjs.com/advisories/569","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/569"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/365.json","reference_id":"365","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/365.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0928","reference_id":"CVE-2017-0928","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0928"},{"reference_url":"https://github.com/advisories/GHSA-fx46-whrj-73v5","reference_id":"GHSA-fx46-whrj-73v5","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fx46-whrj-73v5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/390285?format=json","purl":"pkg:npm/html-janitor@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/html-janitor@2.0.4"}],"aliases":["CVE-2017-0928","GHSA-fx46-whrj-73v5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-teqj-k27c-s3e7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202571?format=json","vulnerability_id":"VCID-vn6w-nxna-ukar","summary":"Cross-Site Scripting in html-janitor","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0931","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.447","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0931"},{"reference_url":"https://github.com/guardian/html-janitor/issues/34","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guardian/html-janitor/issues/34"},{"reference_url":"https://hackerone.com/reports/308155","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/308155"},{"reference_url":"https://www.npmjs.com/advisories/576","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/576"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/366.json","reference_id":"366","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/366.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0931","reference_id":"CVE-2017-0931","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0931"},{"reference_url":"https://github.com/advisories/GHSA-hfj4-96f7-6r5g","reference_id":"GHSA-hfj4-96f7-6r5g","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hfj4-96f7-6r5g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14494?format=json","purl":"pkg:npm/html-janitor@2.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/html-janitor@2.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/390285?format=json","purl":"pkg:npm/html-janitor@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/html-janitor@2.0.4"}],"aliases":["CVE-2017-0931","GHSA-hfj4-96f7-6r5g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vn6w-nxna-ukar"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/html-janitor@2.0.2"}