tarteaucitronjs
npm · 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tarteaucitronjs
- CVE-2023-3620 · MEDIUM · CVSS 5.4 · EG 5.4 · ✓ Fixed in 1.13.1 · 2023-07-11
Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.
- CVE-2025-1467 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 1.17.0 · 2025-02-23
Versions of the package tarteaucitronjs before 1.17.0 are vulnerable to Cross-site Scripting (XSS) via the getElemWidth() and getElemHeight(). This is related to [SNYK-JS-TARTEAUCITRONJS-8366541](https://security.snyk.io/vuln/SNYK-JS-TARTE…
- CVE-2025-31138 · MEDIUM · CVSS 5.5 · EG 5.5 · ✓ Fixed in 1.20.1 · 2025-04-07
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions (width and height) were not properly validated. This allo…
- CVE-2025-31475 · MEDIUM · CVSS 5.5 · EG 5.5 · ✓ Fixed in 1.20.1 · 2025-04-07
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where the addOrUpdate function, used for applying custom texts, did not properly validate input. This allowed…
- CVE-2025-48939 · MEDIUM · CVSS 4.2 · EG 4.2 · ✓ Fixed in 1.22.0 · 2025-07-03
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual <script> ele…
- CVE-2026-22809 · MEDIUM · CVSS 4.4 · EG 4.4 · ✓ Fixed in 1.29.0 · 2026-01-13
tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the issuu_id parameter. This vulnerability is…