HtmlSanitizer

NuGet3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting HtmlSanitizerpage 1 of 1

CVE-2020-26293MEDIUMCVSS 6.1EG 6.1✓ Fixed in 5.0.372
2021-01-04
vulnerable: 1.0.4925.29815 ... 5.0.355 (73 versions)
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly…
CVE-2023-44390MEDIUMCVSS 6.1EG 6.1✓ Fixed in 8.1.722-beta
2023-10-05
vulnerable: 8.1.717-beta, 8.1.719-beta
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the lis…
CVE-2026-25543MEDIUMCVSS 6.1EG 6.1✓ Fixed in 9.0.892
2026-02-04
vulnerable: 1.0.4925.29815 ... 9.0.889 (120 versions)
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The templat…

Check whether HtmlSanitizer is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for HtmlSanitizer CVEs against the assets you own.

Start Free Scan →