CVE-2022-21144

Summary: CVE-2022-21144 affects all versions of the libxmljs package. The issue occurs when libxmljs.parseXml is called with a non-buffer argument, causing the V8 engine to invoke the argument’s toString method; if toString is not a Function, V8 will crash, leading to a potential denial of servic...

CVE-2024-34392

CVE-2024-34392 : The libxmljs library (Node.js bindings) is affected by a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which calls _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This can lead to denia...

CVE-2024-34391

Summary: CVE-2024-34391 affects libxmljs due to a type confusion when parsing specially crafted XML and calling a function on the result of attrs() on a parsed node. This can lead to severe outcomes including DoS, data leakage, infinite loops, and, on 32-bit systems with XML_PARSE_HUGE, remote co...

CVE-2025-25341

CVE-2025-25341 affects libxmljs 1.0.11. The vulnerability occurs when parsing specially crafted XML documents: accessing the internal _ref property on entity_ref and entity_decl nodes can cause a segmentation fault, leading to a denial-of-service. Multiple sources (Red Hat, OSV, NVD, CNNVD, GHSA,...