VYPR
Moderate severityNVD Advisory· Published Dec 13, 2021· Updated Dec 18, 2025

HTML Cleaner allows crafted and SVG embedded scripts to pass through

CVE-2021-43818

Description

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
lxmlPyPI
< 4.6.54.6.5

Affected products

228

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.