fast-xml-parser vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-41650Mediumfast-xml-parser: fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped DelimitersCVE-2026-33349Mediumfast-xml-parser: Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in…CVE-2026-33036Highfast-xml-parser: fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits…CVE-2026-27942Lowfast-xml-parser: fast-xml-parser has stack overflow in XMLBuilder with preserveOrderCVE-2026-25896Criticalfast-xml-parser: fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity namesCVE-2026-26278Highfast-xml-parser: fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)CVE-2026-25128Highfast-xml-parser: fast-xml-parser has RangeError DoS Numeric Entities BugCVE-2024-41818Highfast-xml-parser: fast-xml-parser vulnerable to ReDOS at currency parsingGHSA-GPV5-7X3G-GHJVLowfast-xml-parser: fast-xml-parser regex vulnerability patch could be improved from a safety perspectiveCVE-2023-26920Mediumfast-xml-parser: fast-xml-parser vulnerable to Prototype Pollution through tag or attribute nameCVE-2023-34104Highfast-xml-parser: fast-xml-parser vulnerable to Regex Injection via Doctype Entities

Stop the waste.
Protect your environment with Kodem.