Libexpat
This hub aggregates every CVE we track for Libexpat, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
35
CVEs tracked
10
Critical
18
High
0
In CISA KEV
Severity distribution
HIGH18CRITICAL10MEDIUM5LOW2
Monthly trend
3
0
1
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
1
1
1
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Libexpat.
- CVE-2026-50219libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violatio...4.9
- CVE-2026-45186In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.2.9
- CVE-2026-41080libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.2.9
- CVE-2024-8176Libexpat: expat: improper restriction of xml entity expansion depth in libexpat7.5
- CVE-2024-50602An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.5.9
- CVE-2024-45491An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).9.8
- CVE-2024-45492An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).9.8
- CVE-2024-45490An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.7.5
- CVE-2024-28757libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).7.5
- CVE-2023-52426libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.5.5
- CVE-2023-52425libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.7.5
- CVE-2022-40674libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.8.1
- CVE-2022-25314In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.7.5
- CVE-2022-25315In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.9.8
- CVE-2022-25313In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.6.5
Product normalization is registry-driven with AI assist and human review. How it works