Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3 advisories

Loading
deprrous Credited to deprrous and yuezk yuezk yuezk
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names Critical
CVE-2026-25896 was published for fast-xml-parser (npm) Feb 20, 2026
Ochk0 Credited to Ochk0 and yuezk yuezk yuezk
fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit) High
CVE-2026-26278 was published for fast-xml-parser (npm) Feb 17, 2026
ByamB4 Credited to ByamB4 and yuezk yuezk yuezk
ProTip! Advisories are also available from the GraphQL API