| CVE-2026-41675 |
high |
— |
8.0 |
|
|
|
23d ago |
xmldom has XML node injection through unvalidated processing instruction serialization |
| CVE-2026-41674 |
high |
— |
8.0 |
|
|
|
23d ago |
xmldom has XML injection through unvalidated DocumentType serialization |
| CVE-2026-41673 |
high |
— |
8.0 |
|
|
|
23d ago |
xmldom: Uncontrolled recursion in XML serialization leads to DoS |
| CVE-2026-41672 |
high |
— |
8.0 |
|
|
|
23d ago |
xmldom has XML node injection through unvalidated comment serialization |
| CVE-2026-34601 |
unknown |
— |
— |
|
|
|
2mo ago |
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9,… |
| CVE-2022-39353 |
unknown |
— |
— |
|
|
|
4y ago |
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements… |
| CVE-2022-37616 |
unknown |
— |
— |
|
|
|
4y ago |
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we … |
| CVE-2021-32796 |
unknown |
— |
— |
|
|
|
5y ago |
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when … |