Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

fast-xml-parser — Vulnerabilities & Security Advisories 9

All 9 CVE vulnerabilities found in fast-xml-parser, with AI-generated Chinese analysis, references, and POCs.

Vendor: NaturalIntelligence

CVE IDTitleCVSSSeverityPublished
CVE-2026-41650 fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters CWE-91 6.1 Medium2026-05-07
CVE-2026-33349 fast-xml-parser: Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation CWE-1284 5.9 Medium2026-03-24
CVE-2026-33036 fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278) CWE-776 7.5 High2026-03-20
CVE-2026-27942 fast-xml-parser has stack overflow in XMLBuilder with preserveOrder CWE-120 7.5AIHighAI2026-02-26
CVE-2026-25896 fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names CWE-185 9.3 Critical2026-02-20
CVE-2026-26278 fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit) CWE-776 7.5 High2026-02-19
CVE-2026-25128 fast-xml-parser has RangeError DoS Numeric Entities Bug CWE-20 7.5 High2026-01-30
CVE-2024-41818 ReDOS at currency parsing fast-xml-parser CWE-400 7.5 High2024-07-29
CVE-2023-34104 Regex Injection via Doctype Entities CWE-400 7.5 High2023-06-06

All 9 known CVE vulnerabilities affecting fast-xml-parser with full Chinese analysis, references, and POCs where available.