CVE-2026-33166 Allure Report has an Arbitrary File Read via Path Traversal in Attachment Processing (Allure 1, Allure 2, and XCTest Readers)

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file -result.json,...

Allure Report 路径遍历漏洞

Allure Report is a flexible and lightweight multi-language test report tool developed under the Allure Framework. Versions of Allure Report prior to 2.38.0 contained a path traversal vulnerability. This vulnerability stemmed from issues with path traversal during the processing of test results,...

EUVD-2025-19057

Malicious code in bioql PyPI...

CVE-2025-52888

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

CVE-2025-52888 Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity XXE vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser DocumentBuilderFactory and...

Allure Report 代码问题漏洞

Allure Report is a flexible, lightweight, multi-language test reporting tool from the Allure Framework open source. A code issue vulnerability exists in Allure Report 2 versions prior to 2.34.1, which stems from xunit-xml-plugin not securely configuring the XML parser, which could lead to XXE...