{"url":"http://public2.vulnerablecode.io/api/packages/55553?format=json","purl":"pkg:npm/html-janitor@2.0.4","type":"npm","namespace":"","name":"html-janitor","version":"2.0.4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30566?format=json","vulnerability_id":"VCID-hqpc-pjzk-qubh","summary":"html-janitor passing user-controlled data to clean() leads to XSS\nPassing user-controlled data to the module's clean() function can result in arbitrary JS execution, because of unsafe DOM operations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0931","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44678","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44609","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0931"},{"reference_url":"https://github.com/advisories/GHSA-hfj4-96f7-6r5g","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hfj4-96f7-6r5g"},{"reference_url":"https://github.com/guardian/html-janitor/issues/34","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guardian/html-janitor/issues/34"},{"reference_url":"https://hackerone.com/reports/308155","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/308155"},{"reference_url":"https://www.npmjs.com/advisories/576","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/576"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/366.json","reference_id":"366","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/366.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0931","reference_id":"CVE-2017-0931","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0931"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/143737?format=json","purl":"pkg:npm/html-janitor@2.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/html-janitor@2.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/55553?format=json","purl":"pkg:npm/html-janitor@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/html-janitor@2.0.4"}],"aliases":["CVE-2017-0931","GHSA-hfj4-96f7-6r5g"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hqpc-pjzk-qubh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30568?format=json","vulnerability_id":"VCID-m8wu-u1mt-cfdp","summary":"html-janitor bypassing sanitization using DOM clobbering\nArbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0928","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40206","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40124","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0928"},{"reference_url":"https://github.com/advisories/GHSA-fx46-whrj-73v5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fx46-whrj-73v5"},{"reference_url":"https://github.com/guardian/html-janitor/issues/35","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/guardian/html-janitor/issues/35"},{"reference_url":"https://hackerone.com/reports/308158","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/308158"},{"reference_url":"https://www.npmjs.com/advisories/569","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/569"},{"reference_url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/365.json","reference_id":"365","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/nodejs/security-wg/blob/main/vuln/npm/365.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0928","reference_id":"CVE-2017-0928","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0928"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55553?format=json","purl":"pkg:npm/html-janitor@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/html-janitor@2.0.4"}],"aliases":["CVE-2017-0928","GHSA-fx46-whrj-73v5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m8wu-u1mt-cfdp"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/html-janitor@2.0.4"}