Loofah
This hub aggregates every CVE we track for Loofah, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 7
- Critical: 0
- High: 2
- In CISA KEV: 0
Severity distribution
- MEDIUM: 5
- HIGH: 2
Monthly trend
2024-07 to 2026-06: 0 in every month
Latest CVEs
The 7 most recently published vulnerabilities affecting Loofah.
- CVE-2022-23518: Improper neutralization of data URIs allows XSS in rails-html-sanitizer (CVSS 6.1)
- CVE-2022-23516: Uncontrolled Recursion in Loofah (CVSS 7.5)
- CVE-2022-23515: Improper neutralization of data URIs may allow XSS in Loofah (CVSS 6.1)
- CVE-2022-23514: Inefficient Regular Expression Complexity in Loofah (CVSS 7.5)
- CVE-2019-15587: In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. (CVSS 5.4)
- CVE-2018-16468: In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. (CVSS 5.4)
- CVE-2018-8048: In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. (CVSS 6.1)
Product normalization is registry-driven with AI assist and human review.