Xmlsoft

Products by Xmlsoft Sorted by Most Security Vulnerabilities since 2018

Xmlsoft Libxml2: 60 vulnerabilities

Xmlsoft Libxslt: 11 vulnerabilities

Xmlsoft Libxml: 2 vulnerabilities

Xmlsoft Xmllint: 2 vulnerabilities

By the Year

In 2026 there have been 0 vulnerabilities in Xmlsoft. Last year, in 2025, Xmlsoft had 9 security vulnerabilities published. Right now, Xmlsoft is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 9 5.91
2024 2 7.50
2023 5 6.93
2022 5 7.33
2021 6 7.73
2020 3 7.17
2019 5 8.27
2018 7 6.87

It may take a day or so for new Xmlsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Xmlsoft Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-6170 Jun 16, 2025
xmllint CLI Buffer Overflow via Oversized Input in Interactive Shell
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
Libxml2
CVE-2025-32415 Apr 17, 2025
libxml2 <2.13.8/2.14.2: heap under-read in xmlSchemaIDCFillNodeTables
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Libxml2
CVE-2025-32414 Apr 08, 2025
OOB Mem Access in libxml2 Python API before 2.13.8 & 2.14.2
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
Libxml2
CVE-2024-55549 Mar 14, 2025
Use-After-Free in libxslt before 1.1.43 xsltGetInheritedNsList
xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
Libxslt
CVE-2025-24855 Mar 14, 2025
UA-F in libxslt <1.1.43 via nested XPath eval
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
Libxslt
CVE-2025-24928 Feb 18, 2025
Stack Buffer Overflow in libxml2 (xmlSnprintfElements) before 2.13.6
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
Libxml2
CVE-2025-27113 Feb 18, 2025
libxml2 NULL Ptr Dref in xmlPatMatch (pre 2.12.10, 2.13.x < 2.13.6)
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
Libxml2
CVE-2024-56171 Feb 18, 2025
UAF in libxml2 2.12.x (<2.12.10) & 2.13.x (<2.13.6) xmlSchemaIDCFillNodeTables
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Libxml2
CVE-2022-49043 Jan 26, 2025
libxml2 <2.11 UA-Free via xmlXIncludeAddNode
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
Libxml2
CVE-2024-34459 May 14, 2024
Buffer Over-read in xmllint (libxml2) before 2.11.8/2.12.7 --htmlout
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
Xmllint
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).