DevGuard Logo

🛡️ DevGuard
Group
/📚 DevGuard Documentation
Repository

Overview
Compliance
Artifacts
Code Risks
Dependency Risks
License Risks
Dependencies

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

Open
LOW (0.6)
  • T

    Tim Bastin detected CVE-2025-26791 with a risk of 0.45

    0.1.0
  • logo

    System updated the risk assessment to 0.36

    0.1.0

    System recalculated raw risk assessment

  • t

    timbastin (GitHub) added a comment

    0.1.0

    This is implemented already 🙂

  • logo

    System updated the risk assessment from 0.36 to 0.6

    0.1.0

    System recalculated raw risk assessment

  • logo

    System

    0.1.0
  • logo

    System

    0.1.0
  • logo

    System

    0.1.0
  • logo

    System

    0.1.0
  • logo

    System updated the risk assessment from 0.6 to 1.8

    0.1.0

    System recalculated raw risk assessment

  • logo

    System fixed CVE-2025-26791

    0.1.0
  • logo

    System detected CVE-2025-26791 with a risk of 0.6

    0.1.0

Add a comment

Mark as False Positive
Last calculated at:

Affected component

dompurify

Installed version:
3.1.6
Fixed in:
3.2.4
Show in dependency graph

Quick Fix

Update all Dependencies
Update only dompurify

Management decisions across the organization

GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 2ab7b793efd72421aea8c3a994ac60202bf1b3a5