[MEDIUM] rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives

PKSA-x5pq-tgg3-vhtm CVE-2026-40301 GHSA-93vf-569f-22cq

Affected version: <1.0.10

Reported by:
GitHub

[MEDIUM] Cross-site Scripting in DOMSanitizer

PKSA-7k2z-5ytf-7w7g CVE-2023-49146 GHSA-2ghm-r75j-pjx2

Affected version: <1.0.7

Reported by:
GitHub