Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

sanitize

Ecosystem:
rubygems
Package URL:
pkg:gem/sanitize
Total PRs:
14 Dependabot PRs
Latest PR:
9 months ago
Unique Repositories:
14 repositories
Unique Repos (30 days):
0 repositories
Security Advisories
Improper neutralization of `noscript` element content may allow XSS in Sanitize
GHSA-fw3g-2h3j-qmm7 CVE-2023-23627 MODERATE published over 3 years ago • updated 6 days ago
### Impact Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize `>= 5.0.0, < 6.0.1` when Sanitize is co...
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
GHSA-f5ww-cq3m-q3g7 CVE-2023-36823 HIGH published almost 3 years ago • updated about 1 month ago
### Impact Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize `>= 3.0.0, < 6.0.2` when Saniti...
Cross-site Scripting in Sanitize
GHSA-p4x4-rw2p-8j8m CVE-2020-4054 HIGH published almost 6 years ago • updated 11 days ago
When HTML is sanitized using Sanitize's "relaxed" config or a custom config that allows certain elements, some content in a `<math>` or `<svg>` ele...
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
GHSA-7f42-p84j-f58p CVE-2018-3740 HIGH published about 8 years ago • updated 11 days ago
When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly esc...
Recent PRs
RSS Feed
Bump sanitize from 6.0.0 to 6.0.2

shireeshj/blog #144

6.0.0 → 6.0.2 Patch PR
Closed 9 months ago 1 comment
shireeshj
Bump sanitize from 6.1.3 to 7.0.0

thinh20011111/test_backend #61

6.1.3 → 7.0.0 Major PR
Open 9 months ago
thinh20011111
Bump sanitize from 6.1.3 to 7.0.0

TracksApp/tracks #3122

6.1.3 → 7.0.0 Major PR
Merged 12 months ago
TracksApp
Bump sanitize from 6.0.1 to 7.0.0

dbortz/mastodon #172

6.0.1 → 7.0.0 Major PR
Open 12 months ago
dbortz
chore(deps): bump sanitize from 6.1.3 to 7.0.0

github/markup #1949

6.1.3 → 7.0.0 Major PR
Closed about 1 year ago 2 comments
github
Bump sanitize from 6.1.0 to 7.0.0

ministryofjustice/peoplefinder #1043

6.1.0 → 7.0.0 Major PR
Closed over 1 year ago 1 comment
ministryofjustice
Build(deps): Bump the bundler group across 1 directory with 10 updates

MNDL-27/discourse #8

6.0.1 → 6.0.2 Patch PR
Merged about 2 years ago
MNDL-27
Bump sanitize from 6.0.0 to 6.1.0

Izorkin/mastodon #845

6.0.0 → 6.1.0 Minor PR
Closed over 2 years ago 1 comment
Izorkin
Bump sanitize from 6.0.0 to 6.0.1

koba-lab/mastodon #781

6.0.0 → 6.0.1 Patch PR
Closed over 3 years ago 2 comments
koba-lab
Bump sanitize from 6.0.0 to 6.0.1

wd-shiroma/mastodon #1509

6.0.0 → 6.0.1 Patch PR
Closed over 3 years ago 2 comments
wd-shiroma
Bump sanitize from 6.0.0 to 6.0.1

TechnoDann/PPC-board-2.0 #87

6.0.0 → 6.0.1 Patch PR
Closed over 3 years ago 2 comments
TechnoDann
Bump sanitize from 5.2.1 to 6.0.1

railsbridge/bridge_troll #1286

5.2.1 → 6.0.1 Major PR
Closed over 3 years ago 1 comment
railsbridge
Bump sanitize from 5.0.0 to 5.2.3

uklibraries/jester #1

5.0.0 → 5.2.3 Minor PR
Closed over 5 years ago 1 comment
uklibraries
Bump sanitize from 5.0.0 to 5.2.3

upenn-libraries/sdbmss #33

5.0.0 → 5.2.3 Minor PR
Closed over 5 years ago 1 comment
upenn-libraries
Package Details
Name: sanitize
Ecosystem: rubygems
PURL Type: gem
Package URL: pkg:gem/sanitize
JSON API: View JSON
Security Advisories

4

Active advisories
HIGH 3
MODERATE 1
View All gem Advisories
Package Information
Description:

Sanitize is an allowlist-based HTML and CSS sanitizer. It removes all HTML and/or CSS from a string except the elements, attributes, and properties you choose to allow.'

Repository: https://github.com/rgrove/sanitize
Homepage: https://github.com/rgrove/sanitize/
Latest Release: 7.0.0
over 1 year ago
Dependent Repos: 10,715
Dependent Packages: 260
Downloads: 107,510,441
Ranking: Top 0.3262% by dependent repos Top 0.2208% by downloads Top 0.1544% by dependent pkgs
PR Status
Open 2 (14.3%)
Merged 2 (14.3%)
Closed 10 (71.4%)
PR Types
Major 6 (42.9%)
Minor 3 (21.4%)
Patch 5 (35.7%)