🛡️ DevGuard
Group
/📚 DevGuard Documentation
Repository

Dependency Risks

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

Open

LOW (1.8)

T
Tim Bastin detected CVE-2025-26791 with a risk of 0.45
0.1.0
System updated the risk assessment to 0.36
0.1.0
System recalculated raw risk assessment
T
Tim Bastin detected CVE-2025-26791 with a risk of 1.8
update-gitlab-integration-dokument
t
timbastin (GitHub) added a comment
0.1.0
This is implemented already 🙂
System updated the risk assessment from 0.36 to 0.6
update-gitlab-integration-dokument
System recalculated raw risk assessment
System updated the risk assessment from 0.36 to 0.6
0.1.0
System recalculated raw risk assessment
System
update-gitlab-integration-dokument
System
0.1.0
System
0.1.0
System
update-gitlab-integration-dokument
System
update-gitlab-integration-dokument
System
0.1.0
System
update-gitlab-integration-dokument
System
0.1.0
System updated the risk assessment from 1.8 to 0.6
update-gitlab-integration-dokument
System recalculated raw risk assessment
System updated the risk assessment from 0.6 to 1.8
0.1.0
System recalculated raw risk assessment
System updated the risk assessment from 0.6 to 1.8
update-gitlab-integration-dokument
System recalculated raw risk assessment
System fixed CVE-2025-26791
0.1.0
System fixed CVE-2025-26791
update-gitlab-integration-dokument
System detected CVE-2025-26791 with a risk of 0.6
0.1.0
System updated the risk assessment from 0.6 to 1.8
update-gitlab-integration-dokument
System recalculated raw risk assessment

Add a comment

Last calculated at:

Affected component

dompurify

Installed version:

3.1.6

Fixed in:

3.2.4

Show in dependency graph

Quick Fix

Update all Dependencies

Update only dompurify

Management decisions across the organization