Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

dompurify

Ecosystem:
npm
Package URL:
pkg:npm/dompurify
Total PRs:
5,433 Dependabot PRs
Latest PR:
about 2 hours ago
Unique Repositories:
3,299 repositories
Unique Repos (30 days):
269 repositories
Security Advisories
DOMPurify is vulnerable to mutation-XSS via Re-Contextualization
GHSA-h8r8-wccr-v5f2 MODERATE published 3 months ago • updated about 11 hours ago
## Description A mutation-XSS (mXSS) condition was confirmed when sanitized HTML is reinserted into a new parsing context using `innerHTML` and sp...
DOMPurify USE_PROFILES prototype pollution allows event handlers
GHSA-cj63-jhhr-wcxv MODERATE published 2 months ago • updated about 11 hours ago
## Summary When `USE_PROFILES` is enabled, DOMPurify rebuilds `ALLOWED_ATTR` as a plain array before populating it with the requested allowlists. B...
Cross-site Scripting in dompurify
GHSA-63q7-h895-m982 CVE-2020-26870 MODERATE published over 5 years ago • updated about 12 hours ago
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tr...
DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback
GHSA-v9jr-rg53-9pgp CVE-2026-41238 MODERATE published about 2 months ago • updated about 11 hours ago
## Summary DOMPurify versions 3.0.1 through 3.3.3 (latest) are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOM...
DOMPurify allows Cross-site Scripting (XSS)
GHSA-vhxf-7vqr-mrjg CVE-2025-26791 MODERATE published over 1 year ago • updated 2 days ago
DOMPurify before 3.2.4 has an incorrect template literal regular expression when SAFE_FOR_TEMPLATES is set to true, sometimes leading to mutation c...
View all 18 advisories
Recent PRs
RSS Feed
chore(deps): bump the npm_and_yarn group across 8 directories with 7 updates

daemon-blockint-tech/daemoncode #9

3.3.1 → 3.4.0 Minor PR
Closed about 2 hours ago 3 comments
daemon-blockint-tech
chore(deps): bump the npm-frontend-patch-minor group across 1 directory with 28 updates

Prekzursil/momentstudio #586

3.4.0 → 3.4.10 Patch PR
Open about 2 hours ago 9 comments
Prekzursil
chore(deps): bump the production-dependencies group across 1 directory with 34 updates

buggyblues/shadow #393

3.4.0 → 3.4.10 Patch PR
Open about 6 hours ago 1 comment
buggyblues
Bump the npm_and_yarn group across 1 directory with 10 updates

tylerdean1/Macadamy #42

3.3.1 → 3.4.10 Minor PR
Closed about 6 hours ago 5 comments
tylerdean1
chore(deps): bump the npm_and_yarn group across 1 directory with 10 updates

danielbodnar/Zero #1

3.2.6 → 3.4.0 Minor PR
Open about 21 hours ago 2 comments
danielbodnar
chore(deps): Bump dompurify from 3.4.5 to 3.4.8 in /build/frontend-legacy

mamh-mixed/nextcloud-server #236

3.4.5 → 3.4.8 Patch PR
Open 1 day ago 1 comment
mamh-mixed
Bump the npm_and_yarn group across 1 directory with 17 updates

patelarthAI/New-Arthformat #2

3.3.1 → 3.4.10 Minor PR
Open 1 day ago 1 comment
patelarthAI
Bump dompurify from 3.4.9 to 3.4.10

cjmalloy/jasper-ui #1190

3.4.9 → 3.4.10 Patch PR
Open 1 day ago 4 comments
cjmalloy
Bump the npm_and_yarn group across 8 directories with 16 updates

dporkka/budibase #16

3.2.6 → 3.4.10 Minor PR
Closed 1 day ago 1 comment
dporkka
chore(deps): bump the minor-and-patch group with 42 updates

shilojeyaraj/Brain-Battle #8

3.3.1 → 3.4.10 Minor PR
Open 1 day ago 2 comments
shilojeyaraj
Bump the dependencies group with 2 updates

quisido/quisi.do #501

3.4.9 → 3.4.10 Patch PR
Open 1 day ago 1 comment
quisido
deps: Bump the npm-minor-patch group across 1 directory with 37 updates

xaverric/atlas-lab #79

3.4.0 → 3.4.10 Patch PR
Open 1 day ago 1 comment
xaverric
chore(deps): bump the production-dependencies group with 2 updates

RackulaLives/Rackula #2173

3.4.9 → 3.4.10 Patch PR
Closed 1 day ago 2 comments
RackulaLives
chore(deps): bump the npm-minor-patch group with 2 updates

nkz-os/nkz #569

3.4.9 → 3.4.10 Patch PR
Closed 1 day ago 2 comments
nkz-os
chore(deps): bump the npm-dependencies group across 1 directory with 30 updates

booklore-app/booklore #3418

3.4.1 → 3.4.9 Patch PR
Closed 2 days ago 3 comments
booklore-app
chore(deps): bump the npm-minor-patch group in /frontend with 5 updates

MinBZK/regelrecht #806

3.4.8 → 3.4.9 Patch PR
Closed 2 days ago 2 comments
MinBZK
chore(deps): update dompurify requirement from ^3.3.1 to ^3.4.9 in /superset-frontend/plugins/legacy-preset-chart-nvd3

pinterest/superset #329

^3.3.1 → ^3.4.9 Minor PR
Open 3 days ago 1 comment
pinterest
build(deps): bump the minor-and-patch group across 1 directory with 15 updates

justingallivan/wmkf-research-apps #26

3.4.1 → 3.4.9 Patch PR
Open 3 days ago 2 comments
justingallivan
Bump dompurify from 3.4.8 to 3.4.9

cjmalloy/jasper-ui #1187

3.4.8 → 3.4.9 Patch PR
Open 3 days ago 4 comments
cjmalloy
chore(deps): bump dompurify from 3.4.9 to 3.4.8 in /superset-frontend/plugins/legacy-preset-chart-nvd3

aliavni/incubator-superset #4176

3.4.9 → 3.4.8
Closed 3 days ago 2 comments
aliavni
Bump the npm_and_yarn group across 2 directories with 21 updates

tabrezahmed51/Cloudflare-agents_0118 #3

3.3.0 → 3.4.9 Minor PR
Open 3 days ago 2 comments
tabrezahmed51
Bump dompurify from 3.4.8 to 3.4.9 in /themes/common-theme/webapp/common-theme/js

apache/ofbiz-framework #1344

3.4.8 → 3.4.9 Patch PR
Closed 4 days ago 1 comment
apache
chore(deps): bump the npm_and_yarn group across 6 directories with 15 updates

ai-integr8tor/hermes-agent #9

3.3.3 → 3.4.8 Minor PR
Open 4 days ago 2 comments
ai-integr8tor
chore(deps): Bump the minor-and-patch group with 42 updates

mugicaasier4-art/livix #43

3.4.5 → 3.4.8 Patch PR
Open 5 days ago 1 comment
mugicaasier4-art
chore(deps): bump the npm_and_yarn group across 4 directories with 13 updates

ashark-ai-05/paperclip #4

3.3.2 → 3.4.0 Minor PR
Closed 5 days ago 1 comment
ashark-ai-05
chore(deps): bump the npm_and_yarn group across 4 directories with 13 updates

Heavy02011/paperclip #5

3.3.2 → 3.4.0 Minor PR
Closed 5 days ago 1 comment
Heavy02011
chore(deps): bump the npm_and_yarn group across 1 directory with 15 updates

lhy8888/uptime #73

3.3.3 → 3.4.0 Minor PR
Closed 5 days ago 2 comments
lhy8888
chore(deps): bump the npm_and_yarn group across 1 directory with 15 updates

lhy8888/uptime #72

3.3.3 → 3.4.0 Minor PR
Closed 5 days ago 2 comments
lhy8888
deps(deps): bump dompurify from 3.3.3 to 3.4.8

eRom/cruchot #81

3.3.3 → 3.4.8 Minor PR
Closed 5 days ago 3 comments
eRom
build(deps): bump the npm_and_yarn group across 3 directories with 11 updates

GlacierEQ/langfuse #12

3.3.2 → 3.4.0 Minor PR
Open 5 days ago 2 comments
GlacierEQ
Bump the js-minor-patch group in /webapp/frontend with 5 updates

Sinsemilila/academIA #58

3.4.7 → 3.4.8 Patch PR
Closed 5 days ago 1 comment
Sinsemilila
deps: bump the production-deps group across 1 directory with 26 updates

forwardemail/mail.forwardemail.net #86

3.4.2 → 3.4.8 Patch PR
Closed 5 days ago 2 comments
forwardemail
chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates

Mushy-Snugglebites-badonkadonk/openclaw #11

3.3.1 → 3.4.0 Minor PR
Closed 5 days ago 1 comment
Mushy-Snugglebites-badonkadonk
chore(deps-frontend)(deps): bump dompurify from 3.4.5 to 3.4.8 in /servetrack-frontend

PUPT-Quantum-Leap/capstone-nlcom-volunteer-management-system #458

3.4.5 → 3.4.8 Patch PR
Open 6 days ago 3 comments
PUPT-Quantum-Leap
deps(studio): bump dompurify from 3.4.7 to 3.4.8 in /apps/studio

qa-wave/theridion-net #15

3.4.7 → 3.4.8 Patch PR
Open 6 days ago 1 comment
qa-wave
chore(deps): bump dompurify from 3.4.5 to 3.4.8

chrispivonka/chrispivonka.com #68

3.4.5 → 3.4.8 Patch PR
Open 6 days ago 1 comment
chrispivonka
chore(deps): bump the production-dependencies group across 1 directory with 58 updates

zone17/sovren #276

3.3.3 → 3.4.8 Minor PR
Open 6 days ago 2 comments
zone17
chore(deps): bump the prod-minor-patch group across 1 directory with 8 updates

JaavLex/HERMES #20

3.4.4 → 3.4.8 Patch PR
Open 6 days ago 1 comment
JaavLex
deps: bump the npm-minor-patch group with 3 updates

hardcoverapp/hardcover-docs #119

3.4.5 → 3.4.7 Patch PR
Open 6 days ago 1 comment
hardcoverapp
deps(frontend)(deps): bump the frontend-minor-patch group across 1 directory with 17 updates

sylenan-herostudy/vox-ai #363

3.4.2 → 3.4.8 Patch PR
Open 6 days ago 1 comment
sylenan-herostudy
chore(deps): bump the npm-minor-patch group in /openmetadata-ui/src/main/resources/ui with 28 updates

Jason-Clark-FG/OpenMetadata-FG #446

3.4.1 → 3.4.8 Patch PR
Open 6 days ago 1 comment
Jason-Clark-FG
fix(deps)(deps): bump the node-non-major group across 1 directory with 15 updates

founder24/-kalukaliya #390

3.4.5 → 3.4.8 Patch PR
Open 6 days ago 3 comments
founder24
chore(deps): bump dompurify from 3.4.5 to 3.4.8

berntisak/kilele-web #96

3.4.5 → 3.4.8 Patch PR
Open 6 days ago 1 comment
berntisak
chore(deps)(deps): bump the minor-and-patch group across 1 directory with 17 updates

rumeadia-dotcom/ing0415 #324

3.4.7 → 3.4.8 Patch PR
Open 6 days ago 1 comment
rumeadia-dotcom
chore(deps): bump the dependencies group with 15 updates

Robin-w151/orfarchiv-ui #223

3.4.7 → 3.4.8 Patch PR
Closed 6 days ago 3 comments
Robin-w151
build(deps): bump the prod group across 1 directory with 44 updates

Sainskerta-Solusi-Nusantara/ssn2 #27

3.4.5 → 3.4.8 Patch PR
Open 6 days ago 1 comment
Sainskerta-Solusi-Nusantara
build(deps): bump the npm-deps group across 1 directory with 9 updates

4cm4k1/flowcrypt-browser #831

3.4.7 → 3.4.8 Patch PR
Closed 6 days ago 1 comment
4cm4k1
chore(deps): bump the production-dependencies group in /docs/widget with 2 updates

everybody-eats-nz/volunteer-portal #944

3.4.7 → 3.4.8 Patch PR
Closed 6 days ago 2 comments
everybody-eats-nz
deps: bump the npm-minor-patch group across 1 directory with 14 updates

anthony-propuestas/Venezuela-LIVE-2 #13

3.3.2 → 3.4.8 Minor PR
Open 7 days ago 1 comment
anthony-propuestas
deps(frontend): bump the patch-and-minor group in /frontend with 13 updates

samifahad58/suhail #7

3.4.3 → 3.4.8 Patch PR
Open 7 days ago 1 comment
samifahad58
Package Details
Name: dompurify
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/dompurify
JSON API: View JSON
Security Advisories

18

Active advisories
CRITICAL 2
HIGH 3
MODERATE 13
View All npm Advisories
Package Information
Description:

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

Repository: https://github.com/cure53/DOMPurify
Homepage: https://github.com/cure53/DOMPurify
Latest Release: 3.2.6
about 1 year ago
Dependent Repos: 56,633
Dependent Packages: 1,705
Downloads: 43,072,032
Ranking: Top 0.1284% by dependent repos Top 0.0589% by downloads Top 0.0449% by dependent pkgs
PR Status
Open 2,791 (51.4%)
Merged 269 (5.0%)
Closed 2,127 (39.1%)
PR Types
Major 499 (9.2%)
Minor 2,369 (43.6%)
Patch 2,279 (41.9%)
Removal 1 (0.0%)