Libxslt

This hub aggregates every CVE we track for Libxslt. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Libxslt.

• CVE-2025-11731Libxslt: type confusion in exsltfuncresultcompfunction of libxslt3.1Oct 14, 2025
• CVE-2025-10911Libxslt: use-after-free with key data stored cross-rvt5.5Sep 25, 2025
• CVE-2025-7424Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes7.5Jul 10, 2025
• CVE-2025-7425Libxslt: libxml2: heap use-after-free in libxslt caused by atype corruption in xmlattrptr7.8Jul 10, 2025
• CVE-2025-24855numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, ...7.8Mar 14, 2025
• CVE-2024-55549xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.7.8Mar 14, 2025
• CVE-2022-29824In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitatio...6.5May 3, 2022
• CVE-2021-30560Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8Aug 3, 2021
• CVE-2019-5815Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.7.5Dec 11, 2019
• CVE-2019-18197In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds ...7.5Oct 18, 2019
• CVE-2019-13118In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal...5.3Jul 1, 2019
• CVE-2019-13117In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte...5.3Jul 1, 2019
• CVE-2019-11068libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for...9.8Apr 10, 2019
• CVE-2017-5029The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check fo...8.8Apr 24, 2017
• CVE-2015-9019In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.5.3Apr 5, 2017