OsVault/npm/@xmldom/xmldom
npm2 critical

@xmldom/xmldom

8 known vulnerabilities · 2 critical · 1 high

CVE-2021-32796MEDIUM

Misinterpretation of malicious XML input

Published Aug 3, 2021
CVE-2022-39353CRITICAL

xmldom allows multiple root nodes in a DOM

Published Nov 1, 2022
CVE-2022-37616CRITICAL

Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom

Published Oct 11, 2022
GHSA-f6ww-3ggp-fr8h

xmldom has XML injection through unvalidated DocumentType serialization

Published Apr 22, 2026
CVE-2026-34601HIGH
Risk: 37.51/100

xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion

Published Apr 1, 2026
GHSA-2v35-w6hq-6mfw

xmldom: Uncontrolled recursion in XML serialization leads to DoS

Published Apr 22, 2026
GHSA-j759-j44w-7fr8

xmldom has XML node injection through unvalidated comment serialization

Published Apr 22, 2026
GHSA-x6wf-f3px-wcqx

xmldom has XML node injection through unvalidated processing instruction serialization

Published Apr 22, 2026
Check your entire dependency tree at onceRun dependency scan →