Owasp Java Html Sanitizer — known CVE vulnerabilities
Every CVE whose affected-product data names Owasp Java Html Sanitizer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-42575 — CVSS 9.8 (critical): The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
CVE-2025-66021 — CVSS 6.1 (medium): OWASP Java HTML Sanitizer is a configureable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third-parties in web…