rpm package
opensuse/python-lxml&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-lxml&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41066 | Hig | 7.5 | < 6.1.0-1.1 | 6.1.0-1.1 | Apr 24, 2026 | lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolv | |
| CVE-2025-24928 | Hig | 7.8 | < 5.3.2-1.1 | 5.3.2-1.1 | Feb 18, 2025 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. |
- affected < 6.1.0-1.1fixed 6.1.0-1.1
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolv
- affected < 5.3.2-1.1fixed 5.3.2-1.1
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.