VYPR

rpm package

opensuse/python-lxml&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-lxml&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2026-41066HigApr 24, 2026
    affected < 6.1.0-1.1fixed 6.1.0-1.1

    lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolv

  • CVE-2025-24928HigFeb 18, 2025
    affected < 5.3.2-1.1fixed 5.3.2-1.1

    libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.