Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

@xmldom/xmldom

Ecosystem:
npm
Package URL:
pkg:npm/@xmldom/xmldom
Total PRs:
851 Dependabot PRs
Latest PR:
1 day ago
Unique Repositories:
579 repositories
Unique Repos (30 days):
76 repositories
Security Advisories
xmldom: Uncontrolled recursion in XML serialization leads to DoS
GHSA-2v35-w6hq-6mfw CVE-2026-41673 HIGH published about 2 months ago • updated 1 day ago
## Summary Seven recursive traversals in `lib/dom.js` operate without a depth limit. A sufficiently deeply nested DOM tree causes a `RangeError: M...
xmldom has XML injection through unvalidated DocumentType serialization
GHSA-f6ww-3ggp-fr8h CVE-2026-41674 HIGH published about 2 months ago • updated 3 days ago
## Summary The package serializes `DocumentType` node fields (`internalSubset`, `publicId`, `systemId`) verbatim without any escaping or validatio...
xmldom allows multiple root nodes in a DOM
GHSA-crh6-fp67-6883 CVE-2022-39353 CRITICAL published over 3 years ago • updated 3 days ago
### Impact xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` c...
xmldom has XML node injection through unvalidated comment serialization
GHSA-j759-j44w-7fr8 CVE-2026-41672 HIGH published about 2 months ago • updated 1 day ago
## Summary The package allows attacker-controlled comment content to be serialized into XML without validating or neutralizing comment breaking se...
Misinterpretation of malicious XML input
GHSA-5fg8-2547-mr8q CVE-2021-32796 MODERATE published almost 5 years ago • updated 8 days ago
### Impact xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This m...
View all 7 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
chore(deps): bump @xmldom/xmldom from 0.9.8 to 0.9.10

Enflame-Media/Magic-Agent #193

0.9.8 → 0.9.10 Patch PR
Open 26 days ago 4 comments
Enflame-Media
chore(deps): bump the npm_and_yarn group across 2 directories with 17 updates

nilhemdot/OpenMemory #2

0.8.11 → 0.8.13 Patch PR
Open 26 days ago 3 comments
nilhemdot
Bump the npm_and_yarn group across 1 directory with 5 updates

advayc/sitemaker #11

0.8.11 → 0.8.13 Patch PR
Open 26 days ago 1 comment
advayc
deps: bump @xmldom/xmldom from 0.8.11 to 0.8.13

RCushmaniii/ai-chatbot-saas #34

0.8.11 → 0.8.13 Patch PR
Open 27 days ago 2 comments
RCushmaniii
Bump the npm_and_yarn group across 1 directory with 26 updates

adrianwedd/Open-Assistant #1

0.8.7 → 0.8.13 Patch PR
Open 27 days ago 1 comment
adrianwedd
Bump the npm_and_yarn group across 1 directory with 25 updates

realbrodiwhite/royalgamesclient #36

0.8.10 → 0.8.13 Patch PR
Open 27 days ago 1 comment
realbrodiwhite
Bump the npm_and_yarn group across 16 directories with 21 updates

AKJUS/todomvc #27

0.8.10 → 0.8.13 Patch PR
Open 27 days ago 1 comment
AKJUS
chore(deps): bump the npm_and_yarn group across 2 directories with 16 updates

servrox-solutions/punktaro-app #6

0.8.10 → 0.8.13 Patch PR
Open 28 days ago 1 comment
servrox-solutions
chore(deps): Bump the npm_and_yarn group across 1 directory with 27 updates

fairspec/fairspec-application #13

0.8.11 → 0.8.13 Patch PR
Open 28 days ago 3 comments
fairspec
chore (deps): bump the patch-updates group across 1 directory with 12 updates

vooltgrouplimited2-svg/CyberChef #9

0.8.12 → 0.8.13 Patch PR
Closed 28 days ago 1 comment
vooltgrouplimited2-svg
chore(deps): bump the npm_and_yarn group across 6 directories with 20 updates

loveyou001/wizard #19

0.8.10 → 0.8.13 Patch PR
Open 28 days ago 6 comments
loveyou001
chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates

arthur-debert/simple-gal-ui #37

0.8.12 → 0.8.13 Patch PR
Closed 29 days ago 1 comment
arthur-debert
Bump the npm_and_yarn group across 8 directories with 4 updates

SbruiceS/azuredatastudio #145

0.8.4 → 0.8.13 Patch PR
Open 29 days ago 1 comment
SbruiceS
chore(deps): bump the minor-security group across 2 directories with 11 updates

bloom-housing/bloom #6311

0.8.10 → 0.8.13 Patch PR
Open 29 days ago 6 comments
bloom-housing
Bump the npm_and_yarn group across 2 directories with 15 updates

GlacierEQ/desktop-app #4

0.8.10 → 0.8.13 Patch PR
Open 29 days ago 2 comments
GlacierEQ
Bump the npm_and_yarn group across 3 directories with 2 updates

junkojv/devops-portfolio #62

0.7.9 → 0.7.13 Patch PR
Closed 29 days ago 1 comment
junkojv
build(deps): bump the npm_and_yarn group across 5 directories with 7 updates

twcctz200/sentry-javascript #102

0.8.3 → 0.8.13 Patch PR
Closed 29 days ago 1 comment
twcctz200
build(deps): bump the npm_and_yarn group across 6 directories with 12 updates

jinhua115/continue #19

0.8.10 → 0.8.13 Patch PR
Closed 30 days ago 1 comment
jinhua115
Bump the npm_and_yarn group across 12 directories with 13 updates

mohdazrialbinmohdsaini-beep/vscode #12

0.8.12 → 0.8.13 Patch PR
Closed about 1 month ago 1 comment
mohdazrialbinmohdsaini-beep
chore(deps): bump the npm_and_yarn group across 5 directories with 20 updates

vinnub143/QuarterBack_BackStage_Sec_Testing #45

0.8.11 → 0.8.13 Patch PR
Open about 1 month ago 1 comment
vinnub143
Bump the npm_and_yarn group across 1 directory with 11 updates

ethyca/fides #8171

0.8.10 → 0.8.13 Patch PR
Open about 1 month ago 2 comments
ethyca
chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates

evantaylaz-cyber/salesblitz-app #4

0.8.12 → 0.8.13 Patch PR
Closed about 1 month ago 3 comments
evantaylaz-cyber
Bump the npm_and_yarn group across 36 directories with 15 updates

leeeeeeeeujin-ctrl/starbase #154

0.8.11 → 0.8.13 Patch PR
Open about 1 month ago 1 comment
leeeeeeeeujin-ctrl
chore(deps): bump the minor-security group across 2 directories with 12 updates

bloom-housing/bloom #6286

0.8.10 → 0.8.13 Patch PR
Open about 1 month ago 5 comments
bloom-housing
chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

sotashimozono/obsidian-remote-ssh #282

0.8.10 → 0.8.13 Patch PR
Closed about 1 month ago 1 comment
sotashimozono
Bump the npm_and_yarn group across 15 directories with 19 updates

AKJUS/todomvc #23

0.8.10 → 0.8.13 Patch PR
Open about 1 month ago 1 comment
AKJUS
Bump the npm_and_yarn group across 2 directories with 6 updates

stytchauth/stytch-browser #73

0.8.12 → 0.8.13 Patch PR
Open about 1 month ago 2 comments
stytchauth
chore(deps): bump the npm_and_yarn group across 7 directories with 3 updates

AKJUS/gatsby #120

0.7.10 → 0.7.13 Patch PR
Open about 1 month ago 1 comment
AKJUS
build(deps): bump the npm_and_yarn group across 5 directories with 7 updates

twcctz200/angular #224

0.8.6 → 0.8.13 Patch PR
Closed about 1 month ago 1 comment
twcctz200
chore(deps): bump the npm_and_yarn group across 2 directories with 19 updates

helton-godoy/automaker #23

0.8.11 → 0.8.13 Patch PR
Open about 1 month ago 1 comment
helton-godoy
Bump the npm_and_yarn group across 12 directories with 10 updates

EU-UNION-AI-PACT/vscode #38

0.8.11 → 0.8.13 Patch PR
Closed about 1 month ago 1 comment
EU-UNION-AI-PACT
chore(deps): bump the npm_and_yarn group across 1 directory with 12 updates

budgie-at/budgie #415

0.8.11 → 0.8.13 Patch PR
Open about 1 month ago 1 comment
budgie-at
build(deps): bump the npm_and_yarn group across 16 directories with 14 updates

hashim21223445/angular #302

0.8.10 → 0.8.13 Patch PR
Open about 1 month ago 3 comments
hashim21223445
Bump the npm_and_yarn group across 8 directories with 17 updates

billlzzz10/dyad-bl1nk #32

0.8.11 → 0.8.13 Patch PR
Open about 1 month ago 6 comments
billlzzz10
Bump the npm_and_yarn group across 18 directories with 15 updates

Canmarha/vscode #53

0.8.11 → 0.8.13 Patch PR
Closed about 1 month ago 2 comments
Canmarha
chore(deps): bump the npm_and_yarn group across 7 directories with 11 updates

asleekgeek/bruno #468

0.8.10 → 0.8.13 Patch PR
Open about 1 month ago 1 comment
asleekgeek
chore(deps): bump the npm_and_yarn group across 3 directories with 19 updates

Sundsvallskommun/web-app-draken-public #997

0.8.10 → 0.8.13 Patch PR
Open about 1 month ago 1 comment
Sundsvallskommun
Bump the npm_and_yarn group across 30 directories with 18 updates

leeeeeeeeujin-ctrl/starbase #145

0.8.11 → 0.8.13 Patch PR
Open about 1 month ago 1 comment
leeeeeeeeujin-ctrl
chore(deps): bump the npm_and_yarn group across 4 directories with 10 updates

passariello/jan #69

0.8.10 → 0.8.13 Patch PR
Closed about 1 month ago 1 comment
passariello
Bump the npm_and_yarn group across 1 directory with 24 updates

realbrodiwhite/royalgamesclient #34

0.8.10 → 0.8.13 Patch PR
Open about 1 month ago 2 comments
realbrodiwhite
build(deps): bump the npm_and_yarn group across 16 directories with 17 updates

hashim21223445/angular #301

0.8.10 → 0.8.13 Patch PR
Open about 1 month ago 3 comments
hashim21223445
Bump the npm_and_yarn group across 9 directories with 11 updates

mohdazrialbinmohdsaini-beep/vscode #7

0.8.12 → 0.8.13 Patch PR
Closed about 1 month ago 1 comment
mohdazrialbinmohdsaini-beep
Bump the npm_and_yarn group across 7 directories with 6 updates

100mslive/100ms-react-native #1623

0.8.10 → 0.8.13 Patch PR
Open about 1 month ago 1 comment
100mslive
Bump the npm_and_yarn group across 15 directories with 19 updates

codemonkey85/todomvc #21

0.8.10 → 0.8.13 Patch PR
Closed about 1 month ago 1 comment
codemonkey85
chore(deps): bump the npm_and_yarn group across 1 directory with 18 updates

IrlanCDosSantos/irlan.bolt.diy #28

0.8.10 → 0.8.13 Patch PR
Closed about 1 month ago 2 comments
IrlanCDosSantos
Bump the npm_and_yarn group across 9 directories with 10 updates

mohdazrialbinmohdsaini-beep/vscode #6

0.8.12 → 0.8.13 Patch PR
Closed about 1 month ago 1 comment
mohdazrialbinmohdsaini-beep
chore(deps): bump the npm_and_yarn group across 23 directories with 5 updates

alvesribeirof/pos_graduacao #39

0.8.12 → 0.8.13 Patch PR
Closed about 1 month ago 1 comment
alvesribeirof
chore(deps): bump the npm_and_yarn group across 23 directories with 6 updates

alvesribeirof/pos_graduacao #38

0.8.12 → 0.8.13 Patch PR
Closed about 1 month ago 1 comment
alvesribeirof
chore(deps): bump the npm_and_yarn group across 14 directories with 11 updates

hashim21223445/cypress #184

0.8.10 → 0.8.13 Patch PR
Closed about 1 month ago 3 comments
hashim21223445
Bump the npm_and_yarn group across 10 directories with 10 updates

GlacierEQ/activepieces #101

0.8.10 → 0.8.13 Patch PR
Closed about 1 month ago 5 comments
GlacierEQ
Package Details
Name: @xmldom/xmldom
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/@xmldom/xmldom
JSON API: View JSON
Security Advisories

7

Active advisories
CRITICAL 1
HIGH 5
MODERATE 1
View All npm Advisories
Package Information
Description:

A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.

Repository: https://github.com/xmldom/xmldom
Homepage: https://github.com/xmldom/xmldom
Latest Release: 0.9.8
over 1 year ago
Dependent Repos: 85,555
Dependent Packages: 605
Downloads: 46,175,323
Ranking: Top 0.1065% by dependent repos Top 0.048% by downloads Top 0.1006% by dependent pkgs
PR Status
Open 401 (47.1%)
Merged 11 (1.3%)
Closed 432 (50.8%)
PR Types
Minor 63 (7.4%)
Patch 777 (91.3%)
Removal 2 (0.2%)