GHSA-7p6w-x2gr-rrf8: ag-grid Cross-Site Scripting vulnerability

September 2, 2020 (updated July 10, 2025)

Versions of ag-grid prior to 14.0.0 are vulnerable to Cross-Site Scripting (XSS). Grid contents are not properly sanitized and may allow attackers to execute arbitrary JavaScript if user input is rendered in the grid.

References

github.com/advisories/GHSA-7p6w-x2gr-rrf8
github.com/ag-grid/ag-grid
github.com/ag-grid/ag-grid/commit/b66b1ddf73056714f6574e054d6e05d6ba531ce8
github.com/ag-grid/ag-grid/issues/1961
github.com/github/advisory-database/issues/5799

Code Behaviors & Features

Detect and mitigate GHSA-7p6w-x2gr-rrf8 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →