postcss
npm
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting postcss
- CVE-2021-23368 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 8.2.10 · 2021-04-12
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
- CVE-2021-23382 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 7.0.36 · 2021-04-26
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* source…
- CVE-2023-44270 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 8.4.31 · 2023-09-29
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. Af…
- CVE-2026-41305 · MEDIUM · CVSS 6.1 · EG 6.1 · ✓ Fixed in 8.5.10 · 2026-04-24
PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `</style>` sequences when stringifying CSS ASTs. When user-submitte…