Package impact
NPM / sanitize-html
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44990 | critical | — | 9.5 | 20d ago | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` |
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44990 | critical | — | 9.5 | 20d ago | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` |