xmldom is vulnerable to XML injection. Repeated parsing and serializing of malicious documents can result in incorrect preservation of system identifiers, FPIs or namespaces.
github.com/xmldom/xmldom/commit/64c73883abf12dc023262c2c078a68313a0f540c
github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
github.com/xmldom/xmldom/pull/181
github.com/xmldom/xmldom/releases/tag/0.5.0
github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
www.npmjs.com/package/xmldom