Description
No description available.
Recommendation
Update the postcss package to the latest compatible version. Followings are version details:
- Affected version(s): < 8.5.10
- Patched version(s): 8.5.10
References
Related Issues
- ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context - CVE-2026-33889
- Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries - CVE-2026-32728
- Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` - CVE-2026-44990
- Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS - CVE-2026-2581
You might also like:
- Tags:
- npm
- postcss
Anything's wrong? Let us know Last updated on April 24, 2026


