sanitize
| Ecosystem: | rubygems |
| Package URL: | pkg:gem/sanitize |
| Total PRs: | 14 Dependabot PRs |
| Latest PR: | 9 months ago |
| Unique Repositories: | 14 repositories |
| Unique Repos (30 days): | 0 repositories |
Security Advisories
Improper neutralization of `noscript` element content may allow XSS in Sanitize
GHSA-fw3g-2h3j-qmm7 (CVE-2023-23627), severity MODERATE, published over 3 years ago, updated 6 days ago
Impact: Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize `>= 5.0.0, < 6.0.1` when Sanitize is co...

Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
GHSA-f5ww-cq3m-q3g7 (CVE-2023-36823), severity HIGH, published almost 3 years ago, updated about 1 month ago
Impact: Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize `>= 3.0.0, < 6.0.2` when Saniti...

Cross-site Scripting in Sanitize
GHSA-p4x4-rw2p-8j8m (CVE-2020-4054), severity HIGH, published almost 6 years ago, updated 12 days ago
When HTML is sanitized using Sanitize's "relaxed" config or a custom config that allows certain elements, some content in a `<math>` or `<svg>` ele...

Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
GHSA-7f42-p84j-f58p (CVE-2018-3740), severity HIGH, published about 8 years ago, updated 12 days ago
When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly esc...
Recent PRs (filtered by: Patch PRs)

| PR | Repository | Version bump | Type | Status | Age | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Bump sanitize from 6.0.0 to 6.0.2 | shireeshj/blog #144 | 6.0.0 → 6.0.2 | Patch PR | Closed | 9 months ago | 1 comment |
| Build(deps): Bump the bundler group across 1 directory with 10 updates | | 6.0.1 → 6.0.2 | Patch PR | Merged | about 2 years ago | |
| Bump sanitize from 6.0.0 to 6.0.1 | koba-lab/mastodon #781 | 6.0.0 → 6.0.1 | Patch PR | Closed | over 3 years ago | 2 comments |
| Bump sanitize from 6.0.0 to 6.0.1 | wd-shiroma/mastodon #1509 | 6.0.0 → 6.0.1 | Patch PR | Closed | over 3 years ago | 2 comments |
Package Details
| Name: | sanitize |
| Ecosystem: | rubygems |
| PURL Type: | gem |
| Package URL: | pkg:gem/sanitize |
Package Information
| Description: | Sanitize is an allowlist-based HTML and CSS sanitizer. It removes all HTML and/or CSS from a string except the elements, attributes, and properties you choose to allow. |
| Repository: | https://github.com/rgrove/sanitize |
| Homepage: | https://github.com/rgrove/sanitize/ |
| Latest Release: | 7.0.0 (over 1 year ago) |
| Dependent Repos: | 10,715 |
| Dependent Packages: | 260 |
| Downloads: | 107,510,441 |
| Ranking: | Top 0.3262% by dependent repos; Top 0.2208% by downloads; Top 0.1544% by dependent packages |