
24 matches found

EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-124622

Malicious code in native-terser-polaris-xml npm...

6.6 AI score
Exploits: 0

OSV
added 2025/11/12 4:29 a.m., 2 views

MAL-2025-142927 Malicious code in global-csrf-xml-package (npm)

Source: amazon-inspector (3a669302077b44dbbcb3bdfd3d6456495a67dbcffacbdef50b03e2fbf92f2b41). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-21878

Malware in sbrugna...

9.8 CVSS, 7.3 AI score, 0.01942 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-0070

Malicious code in bioql PyPI...

9.8 CVSS, 9.2 AI score, 0.01168 EPSS
Exploits: 1, References: 4

OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 4 views

Malicious code in polaris-node-config-graphql-xml (npm)

The package polaris-node-config-graphql-xml was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/09/05 5:10 p.m., 1 views

MAL-2025-46190 Malicious code in tachyon-vulcan-callisto-xml (npm)

The package tachyon-vulcan-callisto-xml was found to contain malicious code...

7 AI score
Exploits: 0

RedhatCVE
added 2025/05/23 1:7 a.m., 6 views

CVE-2022-42043

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

9.8 CVSS, 6.9 AI score, 0.01168 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-29510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows a...

9.8 CVSS, 6.8 AI score, 0.02047 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/03/04 12:0 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2020-29511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allow...

9.8 CVSS, 6.8 AI score, 0.01942 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2024/07/12 12:0 a.m., 23 views

RHEL 7 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - go: encoding/xml: XML element instability CVE-2020-29511 - The x/text package before 0.3.3 for Go has a...

9.8 CVSS, 9.2 AI score, 0.02081 EPSS
Exploits: 0, References: 4

PyPA
added 2022/10/11 10:15 p.m., 3 views

PYSEC-2022-43045

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

9.8 CVSS, 7 AI score, 0.01168 EPSS
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2022/10/11 12:0 a.m., 3 views

CVE-2022-42043

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0...

6.8 AI score, 0.01168 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2022/09/19 12:0 a.m., 3 views

PT-2022-37387 · Pypi · D8S-Xml +1

Name of the Vulnerable Software and Affected Versions: d8s-xml version 0.1.0
Description: The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package.
Recommendations: For version 0.1.0, avo...

9.8 CVSS, 7 AI score
Exploits: 0, References: 4

OpenVAS
added 2022/07/06 12:0 a.m., 13 views

Fedora: Security Advisory for golang-github-burntsushi-toml (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

9.3 CVSS, 8.9 AI score, 0.05994 EPSS
Exploits: 4, References: 2

OSV
added 2021/06/23 5:29 p.m., 26 views

GHSA-4HQ8-GMXX-H6W9 XML Processing error in github.com/crewjam/saml

Impact: There are three vulnerabilities in the go encoding/xml package that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validator. Patches: In version 0.4.3, all XML input is validated prior to being parsed...

9.8 CVSS, 9.4 AI score, 0.04812 EPSS
Exploits: 1, References: 11

OpenVAS
added 2021/03/05 12:0 a.m., 24 views

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2021-1480)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 6.8 AI score, 0.02369 EPSS
Exploits: 0, References: 2

OSV
added 2020/12/14 8:15 p.m., 28 views

CVE-2020-29510

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

5.6 CVSS, 9.3 AI score
Exploits: 0, References: 2

UbuntuCve
added 2020/12/14 8:15 p.m., 25 views

CVE-2020-29511

The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

9.8 CVSS, 6.9 AI score, 0.01942 EPSS
Exploits: 0, References: 2

OSV
added 2018/09/24 12:0 a.m., 9 views

PSF-2018-7 xml package does not obey ignore_environment

On two occasions, the xml package uses environment variables to override parser / DOM implementations: xml.sax package and xml.dom.domreg module. On both occasions, the code should not use env vars to override module names, when the interpreter is started with flags like -E or -I...

7.2 AI score
Exploits: 0, References: 1

Prion
added 2018/04/27 6:29 p.m., 18 views

Remote code execution

In CMS Made Simple CMSMS through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element...

6.5 CVSS, 7.4 AI score, 0.15514 EPSS
Exploits: 5, References: 2, Affected Software: 1