[Git][security-tracker-team/security-tracker][master] node-dompurify fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Apr 25 16:13:08 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e6627ebf by Moritz Muehlenhoff at 2026-04-25T17:12:36+02:00
node-dompurify fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1069,13 +1069,13 @@ CVE-2026-41246 (Contour is a Kubernetes ingress controller using Envoy proxy. Fr
CVE-2026-41241 (pretalx is a conference planning tool. Prior to 2026.1.0, The organise ...)
NOT-FOR-US: pretalx
CVE-2026-41240 (DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathM ...)
- - node-dompurify <unfixed> (bug #1134892)
+ - node-dompurify 3.4.1+dfsg-1 (bug #1134892)
NOTE: https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m
CVE-2026-41239 (DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathM ...)
- - node-dompurify <unfixed> (bug #1134892)
+ - node-dompurify 3.4.1+dfsg-1 (bug #1134892)
NOTE: https://github.com/cure53/DOMPurify/security/advisories/GHSA-crv5-9vww-q3g8
CVE-2026-41238 (DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathM ...)
- - node-dompurify <unfixed> (bug #1134892)
+ - node-dompurify 3.4.1+dfsg-1 (bug #1134892)
NOTE: https://github.com/cure53/DOMPurify/security/advisories/GHSA-v9jr-rg53-9pgp
CVE-2026-41213 (@node-oauth/oauth2-server is a module for implementing an OAuth2 serve ...)
NOT-FOR-US: node-oauth2-server
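Review bot: The three node-dompurify lines for CVE-2026-41240, CVE-2026-41239 and CVE-2026-41238 move from <unfixed> to 3.4.1+dfsg-1, but each entry still carries only its GHSA advisory NOTE, so nothing in the entry ties that version to an upstream fix. Consider adding a NOTE with the upstream fixing commit or release to each entry, as the CVE-2025-48050 entry does with its pull request and commit links, so the recorded version can be verified later.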
@@ -132836,7 +132836,7 @@ CVE-2025-4516 (There is an issue in CPython when using `bytes.decode("unicode_es
CVE-2025-48051 (powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some ap ...)
NOT-FOR-US: Lichess Lila
CVE-2025-48050 (In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ...)
- - node-dompurify <unfixed> (unimportant)
+ - node-dompurify 3.3.2+dfsg-1 (unimportant)
NOTE: https://github.com/odaysec/advisory/blob/main/cure53/DOMPurify/writeup.md
NOTE: https://github.com/cure53/DOMPurify/pull/1101
NOTE: https://github.com/cure53/DOMPurify/commit/e9afd609397aa31b0747a766504f698fcb6ad0f7
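Review bot: The CVE-2025-48050 line keeps the (unimportant) tag while gaining a fixed version, and none of the NOTE lines says why the issue is unimportant for the Debian package. A short NOTE giving the reason (for example, whether scripts/server.js is shipped in the binary package) would document the classification. The version here, 3.3.2+dfsg-1, also differs from the 3.4.1+dfsg-1 recorded in the first hunk, so it is worth confirming that 3.3.2+dfsg-1 is the first upload containing commit e9afd609397aa31b0747a766504f698fcb6ad0f7.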
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6627ebf40980de62636495b9ea737e97617a17e