Naturalintelligence Fast-xml-parser
9 CVEs affecting Naturalintelligence Fast-xml-parser. Latest disclosed: 2026-05-07. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-25896 | Critical | 9.3 | 2026-02-20 | fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to b… |
CVE-2026-33036 | High | 7.5 | 2026-03-20 | fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vul… |
CVE-2026-26278 | High | 7.5 | 2026-02-19 | fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4… |
CVE-2026-25128 | High | 7.5 | 2026-01-30 | fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5… |
CVE-2024-41818 | High | 7.5 | 2024-07-29 | fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1. |
CVE-2023-34104 | High | 7.5 | 2023-06-06 | fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. S… |
CVE-2026-41650 | Medium | 6.1 | 2026-05-07 | fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "… |
CVE-2026-33349 | Medium | 5.9 | 2026-03-24 | fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the D… |
CVE-2026-27942 | | 2026-02-26 | fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to versi… |