lxml — CVE history (PyPI)
lxml
3 CVEs affect the lxml PyPI package (highest CVSS 8.2). Latest disclosed: 2026-04-24. Full CVE history sourced from NVD.
Summary
- Package: lxml (PyPI)
- Total CVEs: 3
- Actively exploited (CISA KEV): 0
- Highest CVSS: 8.2
- Latest disclosed: 2026-04-24
Recent CVEs (top 3)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-41066 | High | 7.5 | — | 2026-04-24 | lxml is a library for processing XML and HTML in the Python language. |
| CVE-2021-43818 | High | 8.2 | — | 2021-12-13 | lxml is a library for processing XML and HTML in the Python language. |
| CVE-2014-3146 | Medium | 6.1 | — | 2014-05-14 | Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function. |
All-time worst (top 3 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2021-43818 | High | 8.2 | — | 2021-12-13 | lxml is a library for processing XML and HTML in the Python language. |
| CVE-2026-41066 | High | 7.5 | — | 2026-04-24 | lxml is a library for processing XML and HTML in the Python language. |
| CVE-2014-3146 | Medium | 6.1 | — | 2014-05-14 | Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function. |