OsVault/npm/sanitize-html
npm

sanitize-html

9 known vulnerabilities · 0 critical · 0 high

CVE-2019-25225MEDIUM

sanitize-html is vulnerable to XSS through incomprehensive sanitization

Published Sep 8, 2025
CVE-2016-1000237MEDIUM

Cross-Site Scripting in sanitize-html

Published Apr 16, 2020
CVE-2022-25887MEDIUM

Sanitize-html Vulnerable To REDoS Attacks

Published Aug 31, 2022
CVE-2021-26540MEDIUM

Improper Input Validation in sanitize-html

Published May 6, 2021
CVE-2017-16017MEDIUM

Cross-Site Scripting in sanitize-html

Published Nov 9, 2018
GHSA-9mrh-v2v3-xpfm

sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements

Published Apr 16, 2026
CVE-2017-16016MEDIUM

Cross-Site Scripting in sanitize-html

Published Nov 9, 2018
CVE-2021-26539MEDIUM

Improper Input Validation in sanitize-html

Published May 6, 2021
GHSA-rpr9-rxv7-x643

Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

Published May 14, 2026
Check your entire dependency tree at onceRun dependency scan →