fast-xml-parser_project CVE Vulnerabilities & Metrics

Focus on fast-xml-parser_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About fast-xml-parser_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with fast-xml-parser_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total fast-xml-parser_project CVEs: 2
Earliest CVE date: 06 Jun 2023, 18:15 UTC
Latest CVE date: 29 Jul 2024, 16:15 UTC

Latest CVE reference: CVE-2024-41818

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical fast-xml-parser_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS fast-xml-parser_project CVEs

These are the five CVEs with the highest CVSS scores for fast-xml-parser_project, sorted by severity first and recency.

CVE-2024-41818 fast-xml-parser_project Published on 29 Jul 2024, 16:15 UTC (CVSS: 0)
fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.
CVE-2023-34104 fast-xml-parser_project Published on 06 Jun 2023, 18:15 UTC (CVSS: 0)
fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performi...

All CVEs for fast-xml-parser_project

CVE-2024-41818 fast-xml-parser_project vulnerability CVSS: 0 29 Jul 2024, 16:15 UTC

fast-xml-parser is an open source, pure javascript xml parser. a ReDOS exists on currency.js. This vulnerability is fixed in 4.4.1.

CVE-2023-34104 fast-xml-parser_project vulnerability CVSS: 0 06 Jun 2023, 18:15 UTC

fast-xml-parser is an open source, pure javascript xml parser. fast-xml-parser allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creating a regex for searching and replacing entities in the XML body, an attacker can abuse it for denial of service (DoS) attacks. By crafting an entity name that results in an intentionally bad performing regex and utilizing it in the entity replacement step of the parser, this can cause the parser to stall for an indefinite amount of time. This problem has been resolved in v4.2.4. Users are advised to upgrade. Users unable to upgrade should avoid using DOCTYPE parsing by setting the `processEntities: false` option.