Naturalintelligence Fast-xml-parser — known CVE vulnerabilities
Every CVE whose affected-product data names Naturalintelligence Fast-xml-parser, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-25896 — CVSS 9.3 (critical): fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no…
CVE-2024-41818 — CVSS 7.5 (high): fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.
CVE-2026-25128 — CVSS 7.5 (high): fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no…
CVE-2026-26278 — CVSS 7.5 (high): fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no…
CVE-2026-27942 — CVSS 7.5 (high): fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no…
CVE-2026-33036 — CVSS 7.5 (high): fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5…
CVE-2023-34104 — CVSS 7.5 (high): fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not…
CVE-2026-41650 — CVSS 6.1 (medium): fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder…
CVE-2026-33349 — CVSS 5.9 (medium): fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before…