Launch Week Day 1: Announcing Security Design Review
Start for Free
npm

sanitize-html

View on npm registry
10 Total advisories
10 Vulnerabilities
0 Malware

Vulnerabilities

CRITICAL 9.3
npm

CVE-2026-44990

Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`
MEDIUM 6.1
npm

CVE-2026-40186

sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements
MEDIUM 6.1
npm

CVE-2019-25225

sanitize-html is vulnerable to XSS through incomprehensive sanitization
MEDIUM 5.3
npm

CVE-2024-21501

sanitize-html Information Exposure vulnerability
HIGH 7.5
npm

CVE-2022-25887

Sanitize-html Vulnerable To REDoS Attacks
MEDIUM 5.3
npm

CVE-2021-26540

Improper Input Validation in sanitize-html
MEDIUM 5.3
npm

CVE-2021-26539

Improper Input Validation in sanitize-html
MEDIUM 6.1
npm

CVE-2017-16017

Cross-Site Scripting in sanitize-html
UNKNOWN
npm

CVE-2017-16016

Cross-Site Scripting in sanitize-html
MEDIUM 6.1
npm

CVE-2016-1000237

Cross-Site Scripting in sanitize-html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes