[GHSA-v2wj-7wpq-c8vv] DOMPurify contains a Cross-site Scripting vulnerability

[swils23]

Updates

• Affected products
• CVSS v3
• Description

Comments
Patched versions 2.5.9 and 3.3.2 have been released in GitHub and published to NPM.
https://github.com/cure53/DOMPurify/releases
https://www.npmjs.com/package/dompurify

[Copilot]

Pull request overview

This PR updates the DOMPurify XSS vulnerability advisory (GHSA-v2wj-7wpq-c8vv) to reflect that patched versions 2.5.9 and 3.3.2 have been released, replacing interim "last_affected" markers with concrete "fixed" version information and updating the CVSS scoring.

Changes:

• Changed affected version ranges from last_affected to fixed (3.3.2 and 2.5.9) with database_specific.last_known_affected_version_range metadata for both version branches
• Updated the details field to reference fix versions (2.5.9 and 3.3.2) instead of a commit hash
• Removed the CVSS v3 severity entry, retaining only the CVSS v4 score

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[advisory-database]

Hi @swils23! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!