com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2021-42575 — CVSS 9.8 (critical): The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
CVE-2025-66021 — CVSS 6.1 (medium): OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web…
CVE-2011-4457 — CVSS 2.6 (low): OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to…