VulnerableCode Package Details - pkg:pypi/xml2rfc@3.30.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/xml2rfc@3.30.2

Essentials
History (3)

purl	pkg:pypi/xml2rfc@3.30.2

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-96zb-v69y-7udq	xml2rfc is vulnerable to arbitrary file reads through prepped files ### Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML. ### Workarounds Test untrusted input with `link` elements with `rel="attachment"` before processing. ### References This is related to [GHSA-cfmv-h8fx-85m7](https://github.com/ietf-tools/xml2rfc/security/advisories/GHSA-cfmv-h8fx-85m7).	CVE-2025-11059 GHSA-9mv7-3c64-mmqw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-15T01:56:25.423108+00:00	GHSA Importer	Fixing	VCID-96zb-v69y-7udq	https://github.com/advisories/GHSA-9mv7-3c64-mmqw	38.6.0
2026-06-12T15:48:33.972906+00:00	GitLab Importer	Fixing	VCID-96zb-v69y-7udq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/xml2rfc/CVE-2025-11059.yml	38.6.0
2026-06-12T07:53:00.837453+00:00	GithubOSV Importer	Fixing	VCID-96zb-v69y-7udq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-9mv7-3c64-mmqw/GHSA-9mv7-3c64-mmqw.json	38.6.0