Vulnerability Database
296,748
Total vulnerabilities in the database
CVE-2025-9910
Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer using the built-in html formatter on a private website.
| Software | From | Fixed in |
|---|---|---|
jsondiffpatch
|
- | 0.7.2 |
- https://benjamine.github.io/jsondiffpatch/index.html
- https://github.com/benjamine/jsondiffpatch/commit/0e374b5dd8d7879b329a9fc18affbd46ad50dd14
- https://github.com/benjamine/jsondiffpatch/issues/383
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-12549277
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-12549276
- https://security.snyk.io/vuln/SNYK-JS-JSONDIFFPATCH-10369031
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime