Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

@xmldom/xmldom

Ecosystem:
npm
Package URL:
pkg:npm/@xmldom/xmldom
Total PRs:
838 Dependabot PRs
Latest PR:
1 day ago
Unique Repositories:
569 repositories
Unique Repos (30 days):
141 repositories
Security Advisories
Misinterpretation of malicious XML input
GHSA-5fg8-2547-mr8q CVE-2021-32796 MODERATE published almost 5 years ago • updated 18 days ago
### Impact xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This m...
xmldom: Uncontrolled recursion in XML serialization leads to DoS
GHSA-2v35-w6hq-6mfw CVE-2026-41673 HIGH published about 1 month ago • updated 10 days ago
## Summary Seven recursive traversals in `lib/dom.js` operate without a depth limit. A sufficiently deeply nested DOM tree causes a `RangeError: M...
xmldom has XML node injection through unvalidated comment serialization
GHSA-j759-j44w-7fr8 CVE-2026-41672 HIGH published about 1 month ago • updated 11 days ago
## Summary The package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking se...
xmldom has XML injection through unvalidated DocumentType serialization
GHSA-f6ww-3ggp-fr8h CVE-2026-41674 HIGH published about 1 month ago • updated 10 days ago
## Summary The package serializes `DocumentType` node fields (`internalSubset`, `publicId`, `systemId`) verbatim without any escaping or validatio...
xmldom has XML node injection through unvalidated processing instruction serialization
GHSA-x6wf-f3px-wcqx CVE-2026-41675 HIGH published about 1 month ago • updated 2 days ago
## Summary The package allows attacker-controlled processing instruction data to be serialized into XML without validating or neutralizing the PI-...
View all 7 advisories
Recent PRs
RSS Feed
Bump the npm_and_yarn group across 5 directories with 23 updates

suitenumerique/meet #1371

0.8.11 → 0.8.13 Patch PR
Open 1 day ago 1 comment
suitenumerique
Build(deps): Bump the npm_and_yarn group across 1 directory with 27 updates

EmilynnJ/ragflow #1

0.8.10 → 0.8.13 Patch PR
Open 2 days ago 4 comments
EmilynnJ
Bump the npm_and_yarn group across 6 directories with 9 updates

pdragy/trillium #129

0.8.12 → 0.8.13 Patch PR
Closed 4 days ago 1 comment
pdragy
Bump the npm_and_yarn group across 5 directories with 25 updates

imagelessthought/overleaf #32

0.7.13 → 0.8.13 Minor PR
Closed 5 days ago 1 comment
imagelessthought
Bump the npm_and_yarn group across 6 directories with 13 updates

SamaelxLunafreya/continue #24

0.8.10 → 0.8.13 Patch PR
Closed 5 days ago 1 comment
SamaelxLunafreya
Bump the npm_and_yarn group across 4 directories with 18 updates

Klomgor/ente #898

0.8.10 → 0.8.13 Patch PR
Closed 6 days ago 1 comment
Klomgor
chore(deps): bump the minor-security group across 2 directories with 11 updates

bloom-housing/bloom #6350

0.8.10 → 0.8.13 Patch PR
Closed 6 days ago 4 comments
bloom-housing
Bump the npm_and_yarn group across 5 directories with 9 updates

PCWProps/zapier-platform #5

0.8.11 → 0.8.13 Patch PR
Closed 6 days ago 1 comment
PCWProps
build(deps): bump the npm_and_yarn group across 1 directory with 5 updates

insthync/nodejs-in-app-purchase #6

0.8.5 → 0.8.13 Patch PR
Open 6 days ago 1 comment
insthync
chore(deps): bump the minor-security group across 2 directories with 11 updates

bloom-housing/bloom #6341

0.8.10 → 0.8.13 Patch PR
Open 7 days ago 3 comments
bloom-housing
chore(deps): bump the npm_and_yarn group across 5 directories with 17 updates

LoveDoLove-Forked-Projects/cline #35

0.8.11 → 0.8.13 Patch PR
Closed 7 days ago 1 comment
LoveDoLove-Forked-Projects
build(deps): Bump the npm_and_yarn group across 1 directory with 9 updates

CrashBytes/volarybrowser #7

0.8.12 → 0.8.13 Patch PR
Open 8 days ago 1 comment
CrashBytes
build(deps-dev): Bump @xmldom/xmldom from 0.8.12 to 0.8.13

CrashBytes/volarybrowser #5

0.8.12 → 0.8.13 Patch PR
Closed 8 days ago 2 comments
CrashBytes
chore(deps): bump @xmldom/xmldom from 0.8.10 to 0.8.13 in the npm_and_yarn group across 1 directory

KooshaPari/AppGen #50

0.8.10 → 0.8.13 Patch PR
Open 8 days ago 5 comments
KooshaPari
chore(deps)(deps): bump the production-minor-patch group with 9 updates

tobias363/Spillorama-system #1762

0.8.13 → 0.9.10 Minor PR
Open 8 days ago 5 comments
tobias363
chore(deps): bump the npm_and_yarn group across 6 directories with 18 updates

CptnFizzbin/backstage #53

0.8.10 → 0.8.13 Patch PR
Closed 8 days ago 1 comment
CptnFizzbin
chore(deps): Bump the npm_and_yarn group across 1 directory with 7 updates

ry-ops/ATSFlow #16

0.8.11 → 0.8.13 Patch PR
Closed 9 days ago 2 comments
ry-ops
build(deps): bump the npm_and_yarn group across 1 directory with 5 updates

Tygo-van-den-Hurk/Slyde #33

0.9.8 → 0.9.10 Patch PR
Open 9 days ago 1 comment
Tygo-van-den-Hurk
chore(deps): bump the npm_and_yarn group across 5 directories with 12 updates

alexis-opolka/standardnote-app #40

0.8.10 → 0.8.13 Patch PR
Closed 9 days ago 1 comment
alexis-opolka
Bump the npm_and_yarn group across 1 directory with 5 updates

fchastanet/my-documents #23

0.9.8 → 0.9.10 Patch PR
Open 9 days ago 1 comment
fchastanet
chore(deps): bump the npm_and_yarn group across 5 directories with 19 updates

vinnub143/QuarterBack_BackStage_Sec_Testing #55

0.8.11 → 0.8.13 Patch PR
Closed 9 days ago 1 comment
vinnub143
chore(deps): bump the npm_and_yarn group across 5 directories with 18 updates

vinnub143/QuarterBack_BackStage_Sec_Testing #54

0.8.11 → 0.8.13 Patch PR
Closed 9 days ago 1 comment
vinnub143
Bump the npm_and_yarn group across 1 directory with 16 updates

stvn101/CoWork-OS #1

0.8.11 → 0.8.13 Patch PR
Open 9 days ago 3 comments
stvn101
chore(deps): bump the npm_and_yarn group across 5 directories with 18 updates

commercetools-demo/contentools #55

0.8.11 → 0.8.13 Patch PR
Closed 9 days ago 2 comments
commercetools-demo
build(deps): bump the npm_and_yarn group across 21 directories with 13 updates

Kaairofelipe/vscode #50

0.8.11 → 0.8.13 Patch PR
Closed 10 days ago 1 comment
Kaairofelipe
build(deps): bump the npm_and_yarn group across 21 directories with 13 updates

DevFlex-AI/devonz-editor-web #32

0.8.11 → 0.8.13 Patch PR
Closed 10 days ago 2 comments
DevFlex-AI
Bump the npm_and_yarn group across 11 directories with 17 updates

HarleyCoops/joplin #17

0.8.8 → 0.8.13 Patch PR
Open 10 days ago 2 comments
HarleyCoops
Bump the npm_and_yarn group across 1 directory with 3 updates

K1LLLAGT/android-resuite #1

0.8.10 → 0.8.13 Patch PR
Open 10 days ago 1 comment
K1LLLAGT
chore(deps): bump the npm_and_yarn group across 2 directories with 27 updates

towan912/misskey #1

0.9.8 → 0.9.10 Patch PR
Open 11 days ago 1 comment
towan912
build(deps): bump the npm_and_yarn group across 5 directories with 17 updates

alejandrocuba/angular #3

0.8.10 → 0.8.13 Patch PR
Closed 11 days ago 1 comment
alejandrocuba
Bump the npm_and_yarn group across 1 directory with 25 updates

fujimakis-sss/juice-shop #4

0.8.11 → 0.8.13 Patch PR
Closed 11 days ago 1 comment
fujimakis-sss
chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

zehguilherme/studio-amanda-borges #557

0.8.10 → 0.8.13 Patch PR
Open 11 days ago 2 comments
zehguilherme
chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

shortlink-org/shortlink #22922

0.7.13 → 0.8.13 Minor PR
Open 11 days ago 1 comment
shortlink-org
Bump the npm_and_yarn group across 5 directories with 10 updates

dubinc/dub #3936

0.8.10 → 0.9.8 Minor PR
Closed 11 days ago 5 comments
dubinc
Bump the npm_and_yarn group across 9 directories with 18 updates

HarleyCoops/joplin #14

0.8.8 → 0.8.13 Patch PR
Closed 11 days ago 3 comments
HarleyCoops
build(deps): bump the npm_and_yarn group across 2 directories with 16 updates

ecency/vision-next #806

0.9.8 → 0.9.10 Patch PR
Open 12 days ago 1 comment
ecency
chore(deps): bump the npm_and_yarn group across 1 directory with 19 updates

atze1210/aa-sdk #277

0.7.13 → 0.8.13 Minor PR
Open 13 days ago 2 comments
atze1210
chore(deps): bump the npm_and_yarn group across 3 directories with 13 updates

alexis-opolka/standardnote-app #37

0.8.10 → 0.8.13 Patch PR
Closed 13 days ago 1 comment
alexis-opolka
build(deps): bump the npm_and_yarn group across 16 directories with 19 updates

hashim21223445/angular #307

0.8.10 → 0.8.13 Patch PR
Open 13 days ago 3 comments
hashim21223445
chore(deps): bump the npm_and_yarn group across 3 directories with 31 updates

Reality2byte/metamask-mobile #766

0.8.13 → 0.9.10 Minor PR
Closed 14 days ago 1 comment
Reality2byte
chore(deps): bump the npm_and_yarn group across 2 directories with 4 updates

cicero-im/web-components #26

0.8.6 → 0.8.13 Patch PR
Closed 14 days ago 1 comment
cicero-im
chore(deps-dev): bump the dev-minor-patch group across 1 directory with 5 updates

FoxxDev-Collab/railops #44

0.9.9 → 0.9.10 Patch PR
Open 14 days ago 1 comment
FoxxDev-Collab
chore(deps): bump the npm_and_yarn group across 3 directories with 8 updates

igormenin/PontoFacil #1

0.8.12 → 0.8.13 Patch PR
Closed 14 days ago 2 comments
igormenin
Bump the npm_and_yarn group across 1 directory with 29 updates

ivanm696/chatbot-ui #1

0.8.10 → 0.8.13 Patch PR
Open 14 days ago 2 comments
ivanm696
chore(deps): bump the npm_and_yarn group across 2 directories with 8 updates

jadenblack/nocodb #80

0.7.9 → 0.7.13 Patch PR
Closed 14 days ago 3 comments
jadenblack
chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates

shortlink-org/shortlink #22921

0.7.13 → 0.8.13 Minor PR
Closed 14 days ago 2 comments
shortlink-org
chore(deps): bump the npm_and_yarn group across 1 directory with 23 updates

Rytass/Utils #202

0.8.11 → 0.8.13 Patch PR
Open 14 days ago 2 comments
Rytass
chore(deps): bump the npm_and_yarn group across 1 directory with 17 updates

Rytass/Utils #193

0.8.11 → 0.8.13 Patch PR
Closed 14 days ago 2 comments
Rytass
chore(deps): bump @xmldom/xmldom from 0.9.8 to 0.9.10

Enflame-Media/Magic-Agent #193

0.9.8 → 0.9.10 Patch PR
Open 15 days ago 4 comments
Enflame-Media
chore(deps): bump the npm_and_yarn group across 2 directories with 17 updates

nilhemdot/OpenMemory #2

0.8.11 → 0.8.13 Patch PR
Open 15 days ago 3 comments
nilhemdot
Package Details
Name: @xmldom/xmldom
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/@xmldom/xmldom
JSON API: View JSON
Security Advisories

7

Active advisories
CRITICAL 1
HIGH 5
MODERATE 1
View All npm Advisories
Package Information
Description:

A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.

Repository: https://github.com/xmldom/xmldom
Homepage: https://github.com/xmldom/xmldom
Latest Release: 0.9.8
over 1 year ago
Dependent Repos: 85,555
Dependent Packages: 605
Downloads: 46,175,323
Ranking: Top 0.1065% by dependent repos Top 0.048% by downloads Top 0.1006% by dependent pkgs
PR Status
Open 399 (47.7%)
Merged 11 (1.3%)
Closed 419 (50.1%)
PR Types
Minor 62 (7.4%)
Patch 763 (91.3%)
Removal 2 (0.2%)