Bleach

This hub aggregates every CVE we track for Bleach, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 5 most recently published vulnerabilities affecting Bleach.

• CVE-2021-23980A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed ...6.1Feb 16, 2023
• CVE-2020-6817bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerab...7.5Feb 16, 2023
• CVE-2020-6816In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.6.1Mar 24, 2020
• CVE-2020-6802In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.6.1Mar 24, 2020
• CVE-2018-7753An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possibl...9.8Mar 7, 2018