This is the list of versions of PurgeCSS which are currently being supported with security updates.

To report a vulnerability, please report it directly on GitHub. If you are not able to report it on GitHub, you can send an email with the details to contact@full-human.com. The vulnerability report must include a proof-of-concept of the exploit, or at least a few pointers that can help us assess the risk level. Your report will be acknowledged within 2 business days.