BETAmodules.com is in beta — open to partnerships & joint ventures.Build with us
modules.com
⌘K

xmldom

v0.6.0npm· JavaScript

A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.

The verdict
Has 7 high-severity advisories. Verify a patched version exists before using. Check the OSV link for the fixed-in version.
Check the OSV link for the fixed-in version.
Live from the npm registry · derived rules, not AI
How it scores
MaintenanceAbandoned
PopularityUnknown
Security7 advisories
LicensePermissive
DepsZero deps
Maintenance
Last published 5 years ago.
Popularity
Download count unavailable.
Security
7 known advisories (worst: high severity).
License
MIT
Dependencies
No runtime dependencies
Security advisories
Live from OSV.dev · cached 24h
  • HIGH
    xmldom: Uncontrolled recursion in XML serialization leads to DoS
    GHSA-2v35-w6hq-6mfw Published 2026-04-22
  • HIGH
    xmldom allows multiple root nodes in a DOM
    GHSA-crh6-fp67-6883 Published 2022-11-01
  • HIGH
    xmldom has XML injection through unvalidated DocumentType serialization
    GHSA-f6ww-3ggp-fr8h Published 2026-04-22
  • HIGH
    xmldom has XML node injection through unvalidated comment serialization
    GHSA-j759-j44w-7fr8 Published 2026-04-22
  • HIGH
    xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
    GHSA-wh4c-j3r5-mjhp Published 2026-04-01
  • HIGH
    xmldom has XML node injection through unvalidated processing instruction serialization
    GHSA-x6wf-f3px-wcqx Published 2026-04-22
  • MEDIUM
    Misinterpretation of malicious XML input
    GHSA-5fg8-2547-mr8q Published 2021-08-03
Recent releases
  • 0.6.05 years ago
  • 0.5.05 years ago
  • 0.4.05 years ago
  • 0.3.06 years ago
  • 0.2.16 years ago
  • 0.2.06 years ago
  • 0.1.316 years ago
  • 0.1.306 years ago