Package impact
npm / tarteaucitronjs
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1467 | medium | 6.1 | 6.1 | 1y ago | tarteaucitron Cross-site Scripting (XSS) | |||
| CVE-2026-22809 | unknown | — | — | 5mo ago | tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability | |||
| CVE-2025-48939 | unknown | — | — | 11mo ago | tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript | |||
| CVE-2025-31476 | unknown | — | — | 1y ago | This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to a persistent Cross S… | |||
| CVE-2025-31475 | unknown | — | — | 1y ago | tarteaucitron.js allows prototype pollution via custom text injection | |||
| CVE-2025-31138 | unknown | — | — | 1y ago | tarteaucitron.js allows UI manipulation via unrestricted CSS injection | |||
| CVE-2023-3620 | unknown | — | — | 3y ago | tarteaucitron.js vulnerable to Cross-site Scripting |