Package impact

npm / fast-xml-parser

| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41650 | medium | 6.1 | 6.1 | | | | 23d ago | fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters |
| CVE-2026-33349 | unknown | | | | | | 2mo ago | fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses Jav… |
| CVE-2026-33036 | unknown | | | | | | 2mo ago | fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character refer… |
| CVE-2026-27942 | unknown | | | | | | 3mo ago | fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with s… |
| CVE-2026-25896 | unknown | | | | | | 3mo ago | fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE enti… |
| CVE-2026-26278 | unknown | | | | | | 3mo ago | fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be… |
| CVE-2026-25128 | unknown | | | | | | 4mo ago | fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerab… |
| CVE-2024-41818 | unknown | | | | | | 2y ago | fast-xml-parser is an open source, pure javascript xml parser. A ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1. |
| CVE-2023-26920 | unknown | | | | | | 3y ago | fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. |
| CVE-2023-34104 | unknown | | | | | | 3y ago | fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creatin… |