Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/lxml@4.2.5-1?distro=trixie
purl pkg:deb/debian/lxml@4.2.5-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-f2mc-pj1u-4ub4 An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. CVE-2018-19787
GHSA-xp26-p53h-6h2p
PYSEC-2018-12

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T09:41:38.225680+00:00 Debian Importer Fixing VCID-f2mc-pj1u-4ub4 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-11T18:26:52.582105+00:00 Debian Importer Fixing VCID-f2mc-pj1u-4ub4 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:45:25.671196+00:00 Debian Importer Fixing VCID-f2mc-pj1u-4ub4 https://security-tracker.debian.org/tracker/data/json 38.1.0