feedgen is vulnerable to XML entity expansion. The library allows XML content to be parsed into an existing XML tree, which allows an attacker to perform an XML bomb attack, resulting in excessive resource consumption that leads to an application crash.
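One way to refuse entity declarations in untrusted XML before it is merged into an existing tree, shown as an added example that is not feedgen's code or its fix. The names `parse_untrusted_fragment`, `check`, `ForbiddenXML` and the sample strings are constructed for illustration, and only the Python standard library is used.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Untrusted XML carried a DOCTYPE or an entity declaration."""


def parse_untrusted_fragment(text, forbid_dtd=True):
    """Parse untrusted XML, refusing DTDs and entity declarations.

    Hypothetical helper: call it on user-supplied markup before the
    resulting element is appended to a feed's XML tree.
    """
    data = text.encode("utf-8") if isinstance(text, str) else text

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE declaration not allowed: {name!r}")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration not allowed: {name!r}")

    # Pass 1: scan with expat. The handlers fire when a declaration is
    # read, before any entity reference in the body is expanded, and the
    # exception aborts the parse at that point.
    scanner = expat.ParserCreate()
    if forbid_dtd:
        scanner.StartDoctypeDeclHandler = reject_doctype
    scanner.EntityDeclHandler = reject_entity
    scanner.Parse(data, True)

    # Pass 2: the input declares no entities, so build the tree.
    return ET.fromstring(data)


def check(text, **kwargs):
    """Return 'ok' or the rejection reason for one input."""
    try:
        parse_untrusted_fragment(text, **kwargs)
        return "ok"
    except ForbiddenXML as exc:
        return str(exc)


# Constructed samples: plain XHTML, and a document with one harmless entity.
BENIGN = '<div xmlns="http://www.w3.org/1999/xhtml"><p>Release notes</p></div>'
WITH_ENTITY = '<!DOCTYPE div [<!ENTITY a "text">]><div>&a;</div>'

if __name__ == "__main__":
    for sample in (BENIGN, WITH_ENTITY):
        print(check(sample))
```

Malformed input still raises `expat.ExpatError` from the first pass, so callers should treat that as a rejection as well.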
docs.microsoft.com/en-us/archive/msdn-magazine/2009/november/xml-denial-of-service-attacks-and-defenses
github.com/advisories/GHSA-g8q7-xv52-hf9f
github.com/lkiesow/python-feedgen/commit/f57a01b20fa4aaaeccfa417f28e66b4084b9d0cf
github.com/lkiesow/python-feedgen/security/advisories/GHSA-g8q7-xv52-hf9f
lists.fedoraproject.org/archives/list/[email protected]/message/T6I5ENUYGFNMIH6ZQ62FZ6VU2WD3SIOI/