GHSA-r8cj-3554-33mr: justhtml introduces denial-of-service hardening

May 8, 2026

justhtml 1.18.0 fixes multiple low-severity denial-of-service hardening issues in CSS selector handling and linkification.

These issues are availability concerns. They do not allow script execution, data disclosure, or sanitizer bypass by themselves.

References

github.com/EmilStenstrom/justhtml
github.com/EmilStenstrom/justhtml/security/advisories/GHSA-r8cj-3554-33mr
github.com/advisories/GHSA-r8cj-3554-33mr

Code Behaviors & Features

Detect and mitigate GHSA-r8cj-3554-33mr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →