SecAlerts
CVE ListPricingSign Up
expat logo

expat

Security Risk Profile

42
/100
medium

Security Risk Score

Comprehensive risk assessment based on 28 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from August 22, 2013 to present

28
Total CVEs
6
Critical+High
0
Exploited
2
Unpatched

Threat Assessment

Avg CVSS
5.5
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
2
Critical/High
Risk Level
42/100
medium
📈 1 in Last 30 Days

Severity Distribution

Critical
0
High
6
Medium
10
Low
0

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
1

Age Distribution

Common Weaknesses (CWE)

1
Use After Free
3
2
Input Validation
2
3
Integer Overflow
2
4
Race Condition
1
5
Double Free
1

Most Affected Products

1. Expat libexpat17
2. Expat Expat11
3. Libexpat Project Libexpat5
4. F5 BIG-IP4
5. Apple iPadOS4

Recent Vulnerabilities

See more →
CVE-2026-50219
CVSS 5.9medium
6/4/2026
https://seclists.org/oss-sec/2026/q2/486
unknown

libexpat 2.8.1 fixes CVE-2026-45186 (denial of service)

5/11/2026🔧 No Patch
CVE-2026-7210
CVSS 6.3EPSS 0%medium

The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

5/11/2026
REDHAT-BUG-2468575
CVSS 7.0high
5/10/2026🔧 No Patch
CVE-2026-45186
CVSS 7.5high

libexpat 2.8.1 fixes CVE-2026-45186 (denial of service)

5/10/2026
https://seclists.org/oss-sec/2026/q2/218
unknown

libexpat 2.8.0 fixes CVE-2026-41080 (insufficient entropy)

4/26/2026🔧 No Patch
CVE-2026-41080
CVSS 7.5high

libexpat 2.8.0 fixes CVE-2026-41080 (insufficient entropy)

4/16/2026
https://seclists.org/oss-sec/2026/q1/331
unknown

libexpat 2.7.5 fixes the vulnerabilities (2x null def, 1x infinite loop)

3/17/2026🔧 No Patch
REDHAT-BUG-2448181
CVSS 4.0medium
3/16/2026🔧 No Patch
https://seclists.org/oss-sec/2025/q4/224
unknown

expat looking for help with another unfixed non-public denial-of-service vulnerability [CVE-2025-66382]

12/2/2025🔧 No Patch

Monitor expat in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.