PT-2025-37115 · Unknown · Jsondiffpatch

Zendive · Published 2025-09-11 · Updated 2026-01-06 · CVE-2025-9910

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: jsondiffpatch versions prior to 0.7.2
Description: The package is susceptible to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads, potentially leading to code execution if untrusted payloads are used as a source for the diff and the result is rendered using the built-in html formatter on a private website.
Recommendations: Update to version 0.7.2 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-9910, GHSA-33VC-WFWW-VJFV

Affected Products: Jsondiffpatch