Package details: pkg:pypi/lxml@6.0.4
purl pkg:pypi/lxml@6.0.4
Next non-vulnerable version 6.1.0
Latest non-vulnerable version 6.1.0
Risk
Vulnerabilities affecting this package (1)
Vulnerability: VCID-1dyf-bxvq-u3bx
Aliases: CVE-2026-41066, GHSA-vfmq-68hx-4jfw, PYSEC-2026-87
Summary: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0.
Fixed by: 6.1.0 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (0)
This package is not known to fix vulnerabilities.

Date: 2026-06-02T04:24:54.544229+00:00
Actor: Pypa Importer
Action: Affected by
Vulnerability: VCID-1dyf-bxvq-u3bx
Source: https://github.com/pypa/advisory-database/blob/main/vulns/lxml/PYSEC-2026-87.yaml
VulnerableCode Version: 38.6.0