Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-gh4j-gqv2-49f6
  • npm/fast-xml-parser
 fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters 22 Apr
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-jp2q-39xq-3w4g
  • npm/fast-xml-parser
 Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser 19 Mar
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-8gc5-j5rx-235r
  • npm/fast-xml-parser
 fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278) 17 Mar
  • Fix available
  • Severity - 7.5 (High)
GHSA-fj3w-jwp8-x2g3
  • npm/fast-xml-parser
 fast-xml-parser has stack overflow in XMLBuilder with preserveOrder 26 Feb
  • Fix available
  • Severity - 2.7 (Low)
GHSA-m7jm-9gc2-mpf2
  • npm/fast-xml-parser
 fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names 20 Feb
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-jmr7-xgp7-cmfj
  • npm/fast-xml-parser
 fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit) 17 Feb
  • Fix available
  • Severity - 7.5 (High)
GHSA-37qj-frw5-hhjh
  • npm/fast-xml-parser
 fast-xml-parser has RangeError DoS Numeric Entities Bug 30 Jan
  • Fix available
  • Severity - 7.5 (High)
GHSA-mpg4-rc92-vx8v
  • npm/fast-xml-parser
 fast-xml-parser vulnerable to ReDOS at currency parsing 29 Jul 2024
  • Fix available
  • Severity - 8.7 (High)
GHSA-gpv5-7x3g-ghjv
  • npm/fast-xml-parser
 fast-xml-parser regex vulnerability patch could be improved from a safety perspective 15 Jun 2023
  • Fix available
GHSA-x3cc-x39p-42qx
  • npm/fast-xml-parser
 fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name 13 Jun 2023
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-6w63-h3fj-q4vw
  • npm/fast-xml-parser
 fast-xml-parser vulnerable to Regex Injection via Doctype Entities 06 Jun 2023
  • Fix available
  • Severity - 7.5 (High)