[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-23648":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":56,"downstream":57,"duplicates":66,"related":67,"reserved_at":9,"published_at":68,"modified_at":69,"state":70,"summary":71,"references_raw":79,"kevs":140,"epss":141,"epss_history":144,"metrics":413,"affected":432},"CVE-2021-23648","The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_EA3C3B3B3E7E04A3","Exploit Reference 
(snyk.io)","reference","https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882","unknown",0.2,false,[],[55],"GHSA-hqq7-2q2v-82xq",[],[58,60,62,64],{"_key":59},"UBUNTU-CVE-2021-23648",{"_key":61},"DEBIAN-CVE-2021-23648",{"_key":63},"RHSA-2022:7519",{"_key":65},"RHSA-2022:8057",[],[],"2022-03-16T15:45:19.074Z","2024-09-16T16:22:58.288Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":72,"epss_score":73,"severity":74,"severity_score":75,"severity_version":76,"severity_source":77,"severity_vector":78,"severity_status":70},"low",0.00126,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[80,90,95,100,104,110,114,118,123,128,132,136],{"url":49,"sources":81,"tags":84},[82,77,83],"cve.org","osv_npm",[85,86,87,88,89],"X Refsource MISC","Exploit","Patch","Third Party Advisory","WEB",{"url":91,"sources":92,"tags":93},"https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11",[82,77,83],[85,94,89],"Broken Link",{"url":96,"sources":97,"tags":98},"https://github.com/braintree/sanitize-url/pull/40",[82,77,83],[85,99,87,88,89],"Issue Tracking",{"url":101,"sources":102,"tags":103},"https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183",[82,77,83],[85,87,88,89],{"url":105,"sources":106,"tags":107},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/",[82,77],[108,109],"Vendor Advisory","X Refsource 
FEDORA",{"url":111,"sources":112,"tags":113},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/",[82,77],[108,109],{"url":115,"sources":116,"tags":117},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/",[82,77],[108,109],{"url":119,"sources":120,"tags":121},"https://nvd.nist.gov/vuln/detail/CVE-2021-23648",[83],[122],"Advisory",{"url":124,"sources":125,"tags":126},"https://github.com/braintree/sanitize-url",[83],[127],"PACKAGE",{"url":129,"sources":130,"tags":131},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D",[83],[89],{"url":133,"sources":134,"tags":135},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH",[83],[89],{"url":137,"sources":138,"tags":139},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ",[83],[89],[],{"date":142,"score":73,"percentile":143},"2026-06-04",0.31421,[145,149,152,155,158,161,164,167,170,173,176,179,182,185,189,193,196,199,202,205,208,212,215,218,221,224,227,231,234,237,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,307,310,313,316,319,322,325,327,329,332,335,338,341,343,346,349,351,354,357,359,362,365,368,371,373,376,379,382,385,388,391,394,397,400,403,406,409],{"date":146,"score":147,"percentile":148},"2025-11-04",0.00124,0.32299,{"date":150,"score":147,"percentile":151},"2025-11-05",0.32284,{"date":153,"score":147,"percentile":154},"2025-11-06",0.32287,{"date":156,"score":147,"percentile":157},"2025-11-07",0.32303,{"date":159,"score":147,"percentile":160},"2025-11-08",0.323,{"date":162,"score":147,"percentile":163},"2025-11-09",0.32278,{"date":165,"score":147,"percentile":166},"2025-11-10",0.32228,
{"date":168,"score":147,"percentile":169},"2025-11-11",0.32249,{"date":171,"score":147,"percentile":172},"2025-11-12",0.32297,{"date":174,"score":147,"percentile":175},"2025-11-13",0.32314,{"date":177,"score":147,"percentile":178},"2025-11-14",0.32316,{"date":180,"score":147,"percentile":181},"2025-11-15",0.32318,{"date":183,"score":147,"percentile":184},"2025-11-16",0.32289,{"date":186,"score":187,"percentile":188},"2025-11-17",0.00111,0.30223,{"date":190,"score":191,"percentile":192},"2025-11-18",0.00573,0.66117,{"date":194,"score":191,"percentile":195},"2025-11-19",0.66123,{"date":197,"score":191,"percentile":198},"2025-11-20",0.6612,{"date":200,"score":187,"percentile":201},"2025-11-21",0.30263,{"date":203,"score":187,"percentile":204},"2025-11-22",0.30272,{"date":206,"score":187,"percentile":207},"2025-11-23",0.30238,{"date":209,"score":210,"percentile":211},"2025-11-24",0.00117,0.31136,{"date":213,"score":210,"percentile":214},"2025-11-25",0.31131,{"date":216,"score":210,"percentile":217},"2025-11-26",0.31132,{"date":219,"score":210,"percentile":220},"2025-11-27",0.31145,{"date":222,"score":210,"percentile":223},"2025-11-28",0.31124,{"date":225,"score":210,"percentile":226},"2025-11-29",0.31111,{"date":228,"score":229,"percentile":230},"2025-11-30",0.00122,0.31942,{"date":232,"score":229,"percentile":233},"2025-12-01",0.32022,{"date":235,"score":229,"percentile":236},"2025-12-02",0.32049,{"date":238,"score":229,"percentile":236},"2025-12-03",{"date":240,"score":229,"percentile":241},"2025-12-04",0.31945,{"date":243,"score":229,"percentile":244},"2025-12-05",0.31981,{"date":246,"score":229,"percentile":247},"2025-12-06",0.31985,{"date":249,"score":229,"percentile":250},"2025-12-07",0.31958,{"date":252,"score":229,"percentile":253},"2025-12-08",0.3197,{"date":255,"score":229,"percentile":256},"2025-12-09",0.32023,{"date":258,"score":229,"percentile":259},"2025-12-10",0.32084,{"date":261,"score":229,"percentile":262},"2025-12-11",0.32121,{"date":264,"score":229,"
percentile":265},"2025-12-12",0.3215,{"date":267,"score":229,"percentile":268},"2025-12-13",0.32135,{"date":270,"score":229,"percentile":271},"2025-12-14",0.32111,{"date":273,"score":229,"percentile":274},"2025-12-15",0.32061,{"date":276,"score":229,"percentile":277},"2025-12-16",0.32079,{"date":279,"score":229,"percentile":280},"2025-12-17",0.32127,{"date":282,"score":229,"percentile":283},"2025-12-18",0.32177,{"date":285,"score":229,"percentile":286},"2025-12-19",0.32203,{"date":288,"score":229,"percentile":289},"2025-12-20",0.32183,{"date":291,"score":229,"percentile":292},"2025-12-21",0.32123,{"date":294,"score":229,"percentile":295},"2025-12-22",0.32091,{"date":297,"score":229,"percentile":298},"2025-12-23",0.3207,{"date":300,"score":229,"percentile":301},"2025-12-24",0.32065,{"date":303,"score":229,"percentile":304},"2025-12-25",0.32138,{"date":306,"score":229,"percentile":292},"2025-12-26",{"date":308,"score":229,"percentile":309},"2025-12-27",0.32134,{"date":311,"score":229,"percentile":312},"2025-12-28",0.32057,{"date":314,"score":229,"percentile":315},"2025-12-29",0.32025,{"date":317,"score":229,"percentile":318},"2025-12-30",0.32019,{"date":320,"score":229,"percentile":321},"2025-12-31",0.32069,{"date":323,"score":229,"percentile":324},"2026-01-01",0.32213,{"date":326,"score":229,"percentile":286},"2026-01-02",{"date":328,"score":229,"percentile":289},"2026-01-03",{"date":330,"score":229,"percentile":331},"2026-01-04",0.32042,{"date":333,"score":229,"percentile":334},"2026-01-05",0.32029,{"date":336,"score":229,"percentile":337},"2026-01-06",0.32041,{"date":339,"score":229,"percentile":340},"2026-01-07",0.32063,{"date":342,"score":229,"percentile":295},"2026-01-08",{"date":344,"score":229,"percentile":345},"2026-01-09",0.32085,{"date":347,"score":229,"percentile":348},"2026-01-10",0.32089,{"date":350,"score":229,"percentile":312},"2026-01-11",{"date":352,"score":229,"percentile":353},"2026-01-12",0.31986,{"date":355,"score":229,"percentile":356},"2026-01-
13",0.31977,{"date":358,"score":229,"percentile":318},"2026-01-14",{"date":360,"score":229,"percentile":361},"2026-01-15",0.32016,{"date":363,"score":229,"percentile":364},"2026-01-16",0.3204,{"date":366,"score":229,"percentile":367},"2026-01-17",0.3203,{"date":369,"score":229,"percentile":370},"2026-01-18",0.31976,{"date":372,"score":229,"percentile":230},"2026-01-19",{"date":374,"score":229,"percentile":375},"2026-01-20",0.31926,{"date":377,"score":229,"percentile":378},"2026-01-21",0.31879,{"date":380,"score":229,"percentile":381},"2026-01-22",0.31856,{"date":383,"score":229,"percentile":384},"2026-01-23",0.31919,{"date":386,"score":229,"percentile":387},"2026-01-24",0.31932,{"date":389,"score":229,"percentile":390},"2026-01-25",0.31864,{"date":392,"score":229,"percentile":393},"2026-01-26",0.31776,{"date":395,"score":229,"percentile":396},"2026-01-27",0.31762,{"date":398,"score":229,"percentile":399},"2026-01-28",0.31737,{"date":401,"score":229,"percentile":402},"2026-01-29",0.31692,{"date":404,"score":229,"percentile":405},"2026-01-30",0.31683,{"date":407,"score":229,"percentile":408},"2026-01-31",0.31694,{"date":410,"score":411,"percentile":412},"2026-02-01",0.00291,0.52279,[414,421,429],{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":415,"cvss_v4_0":9},{"baseScore":416,"baseSeverity":417,"vectorString":418,"impactScore":419,"exploitabilityScore":420},5.4,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P",4.2,7.2,{"source":77,"cvss_v2_0":422,"cvss_v3_0":9,"cvss_v3_1":427,"cvss_v4_0":9},{"baseScore":423,"baseSeverity":9,"vectorString":424,"impactScore":425,"exploitabilityScore":426},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":75,"baseSeverity":417,"vectorString":78,"impactScore":428,"exploitabilityScore":420},4.5,{"source":83,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":430,"cvss_v4_0":9},{"baseScore":416,"baseSeverity":9,"vectorString":431,"impactScore":419,"exploitabilityScore":420},"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",[433,445,45
8],{"ecosystem":9,"name":434,"vendor":435,"product":434,"cpe_part":436,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":437},"fedora","fedoraproject","o",[438,441,443],{"version":439,"is_range":52,"range_type":440,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34","cpe",{"version":442,"is_range":52,"range_type":440,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35",{"version":444,"is_range":52,"range_type":440,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"36",{"ecosystem":446,"name":447,"vendor":448,"product":449,"cpe_part":9,"purl_type":450,"purl_namespace":448,"purl_name":449,"source":9,"versions":451},"Npm","@braintree/sanitize-url","@braintree","sanitize-url","npm",[452],{"version":453,"is_range":454,"range_type":455,"version_start":9,"version_start_type":9,"version_end":456,"version_end_type":457,"fixed_in":9},"lt6_0_0",true,"semver","6.0.0","excluding",{"ecosystem":9,"name":459,"vendor":460,"product":459,"cpe_part":461,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":462},"braintree\\/sanitize-url","paypal","a",[463],{"version":464,"is_range":454,"range_type":440,"version_start":9,"version_start_type":9,"version_end":456,"version_end_type":457,"fixed_in":9},"lt6.0.0"]