Version 1.0.11

libxmljs

NodeJS bindings for libxml2 written in Typescript

Install Instructions

npm install libxmljs
Current Version Release Date: October 18, 2023
Package URL (purl): pkg:npm/libxmljs@1.0.11

libxmljs Vulnerabilities

| CVE | CVSS Score | CWE(s) | EPSS Score | EPSS % | Impacted Versions |
| --- | --- | --- | --- | --- | --- |
| CVE-2013-1969 | High 7.5 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.01288 | 0.86347 | 0.4.1–0.16.1 |
| CVE-2013 | Unknown | CWE-119, CWE-611, CWE-399, CWE-400 | None | None | 0.4.1–0.16.1 |
| CVE-2014-3660 | Medium 5 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.00987 | 0.84109 | 0.4.1–0.16.1 |
| CVE-2015-5312 | High 7.1 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.00613 | 0.79335 | 0.4.1–0.16.1 |
| CVE-2015-7497 | Medium 5 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.01795 | 0.88595 | 0.4.1–0.16.1 |
| CVE-2015-7498 | Medium 5 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.01795 | 0.88595 | 0.4.1–0.16.1 |
| CVE-2015-7499 | Medium 5.6 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.00247 | 0.65131 | 0.4.1–0.16.1 |
| CVE-2015-7500 | Medium 5.6 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.01114 | 0.85135 | 0.4.1–0.16.1 |
| CVE-2015-7941 | Medium 4.3 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.00207 | 0.59398 | 0.4.1–0.16.1 |
| CVE-2015-7942 | Medium 6.8 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.00619 | 0.79451 | 0.4.1–0.16.1 |
| CVE-2015-8035 | Low 2.6 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.0097 | 0.83969 | 0.4.1–0.16.1 |
| CVE-2015-8241 | Medium 6.4 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.01135 | 0.85301 | 0.4.1–0.16.1 |
| CVE-2015-8242 | Medium 5.8 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.00744 | 0.81515 | 0.4.1–0.16.1 |
| CVE-2015-8317 | Medium 5 | CWE-119, CWE-611, CWE-399, CWE-400 | 0.00955 | 0.83854 | 0.4.1–0.16.1 |
| CVE-2022-21144 | High 7.5 | CWE-400 | 0.00182 | 0.56659 | 0.4.1–0.19.7 |
| CVE-2024-34391 | High 8.1 | CWE-94, CWE-843 | 0.00043 | 0.10406 | 1.0.0–1.0.11, 0.4.1–0.19.10 |
| CVE-2024-34392 | High 8.1 | CWE-843 | 0.00043 | 0.10406 | 1.0.0–1.0.11, 0.4.1–0.19.10 |

libxmljs Vulnerability Remediation Guidance

| CVE | Description | Full list of Impacted Versions | Fix |
| --- | --- | --- | --- |
| CVE-2024-34392 | libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2024-34391 | libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2022-21144 | This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-8317 | The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-8242 | The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-8241 | The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-8035 | The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-7942 | The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-7941 | libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-7500 | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-7499 | Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-7498 | Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-7497 | Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2015-5312 | The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2014-3660 | parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2013-1969 | Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
| CVE-2013 | None | 0.8.1, 0.11.0, 0.14.1, 0.10.0, 0.6.1, 0.8.0, 0.4.1, 0.5.2, … | Patch → NO_SAFE_VERSION |
