cure53
Security Risk Profile
38
/100
lowSecurity Risk Score
Comprehensive risk assessment based on 10 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from September 24, 2019 to present
10
Total CVEs
3
Critical+High
0
Exploited
0
Unpatched
Threat Assessment
Avg CVSS
6.9
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
38/100
low
Severity Distribution
Critical
2High
1Medium
7Low
0Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
2Age Distribution
Common Weaknesses (CWE)
1
XSS
9
Most Affected Products
1. npm/dompurify11
2. Cure53 DOMPurify11
3. Microsoft Visual Studio 20194
4. IBM watsonx.data intelligence3
5. cure53 DOMPurify3
Recent Vulnerabilities
See more →CVE-2026-41240
CVSS 6.0medium
DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)
4/22/2026
CVE-2026-0540
CVSS 5.3medium
DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML
3/3/2026
CVE-2025-15599
CVSS 6.1medium
DOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XML
3/3/2026
CVE-2025-26791
CVSS 6.1EPSS 0%medium
2/14/2025
CVE-2024-48910
CVSS 9.8EPSS 0%critical
DOMPurify vulnerable to tampering by prototype polution
10/31/2024
CVE-2024-47875
CVSS 10.0critical
DOMPurify nesting-based mXSS
10/11/2024
CVE-2024-45801
CVSS 7.3high
Tampering by prototype polution in DOMPurify
9/16/2024
CVE-2019-25155
CVSS 6.1medium
10/31/2023
CVE-2020-26870
CVSS 6.1medium
10/7/2020
CVE-2019-16728
CVSS 6.1medium
9/24/2019
Monitor cure53 in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.