VYPR
Medium severity5.3OSV Advisory· Published Sep 14, 2025· Updated Apr 15, 2026

CVE-2025-59364

CVE-2025-59364

Description

The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
express-xss-sanitizernpm
< 2.0.12.0.1

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.