Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apk/alpine/py3-lxml@4.6.3-r0?arch=x86&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/py3-lxml@4.6.3-r0?arch=x86&distroversion=v3.21&reponame=main
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-u7xg-3dp7-vkc2 An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. CVE-2021-28957
GHSA-jq4v-f5q6-mjqq
PYSEC-2021-19

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-03T17:49:36.940414+00:00 Alpine Linux Importer Fixing VCID-u7xg-3dp7-vkc2 https://secdb.alpinelinux.org/v3.21/main.json 38.1.0