lxml
Security Risk Profile
Security Risk Score: 43/100 (medium)
Comprehensive risk assessment based on 8 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from May 14, 2014 to present
Total CVEs: 8
Critical+High: 4
Exploited: 0
Unpatched: 0
Threat Assessment
Avg CVSS (base severity): 7
Avg EPSS (exploit probability): 0%
Unpatched Critical/High: 0
Risk Level: 43/100 (medium)
Severity Distribution
Critical: 0
High: 4
Medium: 4
Low: 0
Exploit Likelihood
>50% chance: 0
20-50%: 0
5-20%: 0
<5%: 0
Common Weaknesses (CWE)
1. XSS: 5
2. XXE: 2
3. Null Pointer Dereference: 1
4. Command Injection: 1
Most Affected Products
1. lxml lxml: 103
2. Fedoraproject Fedora: 8
3. Debian Debian Linux: 8
4. pip/lxml: 7
5. redhat/python-lxml: 6
Recent Vulnerabilities

CVE-2026-41066
CVSS 7.5 (high)
lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files
4/21/2026

CVE-2025-6985
CVSS 7.5 (high)
XXE Vulnerability in langchain-ai/langchain
10/6/2025

CVE-2022-2309
CVSS 7.5 (high)
NULL Pointer Dereference in lxml/lxml
7/5/2022

CVE-2021-43818
CVSS 8.8 (high)
HTML Cleaner allows crafted and SVG embedded scripts to pass through
12/12/2021

CVE-2021-28957
CVSS 6.1 (medium)
3/21/2021

CVE-2020-27783
CVSS 6.1 (medium)
10/18/2020

CVE-2018-19787
CVSS 6.1 (medium)
12/2/2018

CVE-2014-3146
CVSS 6.1 (medium)
5/14/2014