Known Vulnerabilities for Libexpat by Libexpat Project
Listed below are 10 of the newest known vulnerabilities associated with "Libexpat" by "Libexpat Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45186 json | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via mode... | Not Provided | 2026-05-10 | 2026-05-11 |
| CVE-2026-41080 json | libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | Not Provided | 2026-04-16 | 2026-04-26 |
| CVE-2026-7210 json | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a c... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2025-66382 json | In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. | Not Provided | 2025-11-28 | 2026-05-12 |
| CVE-2025-59375 json | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is subm... | Not Provided | 2025-09-15 | 2026-05-12 |
| CVE-2024-45492 json | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize... | Not Provided | 2024-08-30 | 2026-05-12 |
| CVE-2024-45491 json | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-b... | Not Provided | 2024-08-30 | 2026-05-12 |
| CVE-2024-45490 json | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | Not Provided | 2024-08-30 | 2026-05-12 |
| CVE-2022-43680 json | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityPar... | 7.5 - HIGH | 2022-10-24 | 2024-01-21 |
| CVE-2022-40674 json | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | 8.1 - HIGH | 2022-09-14 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Libexpat Project | Libexpat | 2.2.9 | |||
| Application | Libexpat Project | Libexpat | 2.2.8 | |||
| Application | Libexpat Project | Libexpat | 2.2.7 | |||
| Application | Libexpat Project | Libexpat | 2.2.6 | |||
| Application | Libexpat Project | Libexpat | 2.2.5 | |||
| Application | Libexpat Project | Libexpat | 2.2.4 | |||
| Application | Libexpat Project | Libexpat | 2.2.3 | |||
| Application | Libexpat Project | Libexpat | 2.2.2 | |||
| Application | Libexpat Project | Libexpat | 2.2.10 | |||
| Application | Libexpat Project | Libexpat | 2.2.1 | |||
| Application | Libexpat Project | Libexpat | 2.2.0 | |||
| Application | Libexpat Project | Libexpat | 2.1.1 | |||
| Application | Libexpat Project | Libexpat | 2.1.0 | |||
| Application | Libexpat Project | Libexpat | 2.0.1 | |||
| Application | Libexpat Project | Libexpat | 2.0.0 | |||
| Application | Libexpat Project | Libexpat | 1.95.8 | |||
| Application | Libexpat Project | Libexpat | 1.95.7 | |||
| Application | Libexpat Project | Libexpat | 1.95.6 | |||
| Application | Libexpat Project | Libexpat | 1.95.5 | |||
| Application | Libexpat Project | Libexpat | 1.95.4 |