https://advisories.gitlab.com/npm/xmldom/CVE-2026-41672/
xmldom has XML node injection through unvalidated comment serialization | GitLab Advisory Database...
CVE-2026-41672 xmldom has XML node injection through unvalidated comment serialization: The package allows attacker-controlled comment content to be serialized...
https://usejunior.com/engineering/patching-a-characterdata-state-drift-in-xmldom
Patching a CharacterData state drift in xmldom | UseJunior
We diagnosed and upstreamed a fix for xmldom CharacterData state drift: data and nodeValue were separate backing fields, so direct assignment to one could...
drift inpatchingcharacterdatastatexmldom