CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

CVE-2026-34601

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...

BIT-RUBY-MIN-2021-28965

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing...

DEBIAN-CVE-2020-7610

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...

Internal Property Tampering

Overview bson is a BSON Parser for node and browser. Affected versions of this package are vulnerable to Internal Property Tampering. The package will ignore an unknown value for an object's bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type...