npm
fast-xml-parser
10 known vulnerabilities · 0 critical · 2 high
CVE-2023-26920 · MEDIUM
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
Published Jun 13, 2023
Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser
Published Mar 19, 2026
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
Published Feb 26, 2026
CVE-2023-34104 · HIGH
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
Published Jun 6, 2023
fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)
Published Mar 17, 2026
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
Published Feb 20, 2026
fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)
Published Feb 17, 2026
GHSA-gh4j-gqv2-49f6
fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
Published Apr 22, 2026