GHSA-c9vm-hv86-f23r: justhtml includes multiple security fixes
justhtml 1.15.0 includes multiple security fixes affecting URL sanitization helpers, HTML serialization, Markdown passthrough, and several custom sanitization-policy edge cases.
These issues have different impact levels and do not all affect the default configuration in the same way.