lxml

Top products

The 7 most recently published vulnerabilities affecting lxml.

• CVE-2026-41066lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files7.5Apr 24, 2026
• CVE-2022-2309NULL Pointer Dereference in lxml/lxml7.5Jul 5, 2022
• CVE-2021-43818HTML Cleaner allows crafted and SVG embedded scripts to pass through8.2Dec 13, 2021
• CVE-2021-28957An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction att...6.1Mar 21, 2021
• CVE-2020-27783A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A...6.1Dec 3, 2020
• CVE-2018-19787An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks,...6.1Dec 2, 2018
• CVE-2014-3146Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme...6.1May 14, 2014