Package impact
npm / sanitize-html
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44990 | critical | — | 9.5 | 16d ago | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` |
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44990 | critical | — | 9.5 | 16d ago | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` |