Search for packages
Package details: pkg:deb/debian/lxml@4.6.3%2Bdfsg-0.1%2Bdeb11u1
purl pkg:deb/debian/lxml@4.6.3%2Bdfsg-0.1%2Bdeb11u1
Next non-vulnerable version 4.9.2-1
Latest non-vulnerable version 4.9.2-1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-gufu-nks1-aaag
Aliases:
CVE-2022-2309
GHSA-wrxv-2j5q-m38w
PYSEC-2022-230
NULL Pointer Dereference in lxml
4.9.2-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-jq1x-31sj-aaas An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. CVE-2021-28957
GHSA-jq4v-f5q6-mjqq
PYSEC-2021-19
VCID-sky5-23ka-aaaj A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. CVE-2020-27783
GHSA-pgww-xf46-h92r
PYSEC-2020-62
VCID-ub64-azys-aaaf lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. CVE-2021-43818
GHSA-55x5-fj6c-h6m8
PYSEC-2021-852

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T04:17:15.820080+00:00 Debian Oval Importer Fixing VCID-ub64-azys-aaaf None 36.1.3
2025-06-21T03:44:36.275779+00:00 Debian Oval Importer Fixing VCID-sky5-23ka-aaaj None 36.1.3
2025-06-21T01:42:55.016199+00:00 Debian Oval Importer Fixing VCID-jq1x-31sj-aaas None 36.1.3
2025-06-21T00:19:19.601723+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag None 36.1.3
2025-06-20T22:46:11.127652+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-07T21:53:08.551164+00:00 Debian Oval Importer Fixing VCID-ub64-azys-aaaf None 36.1.0
2025-06-07T21:18:49.542022+00:00 Debian Oval Importer Fixing VCID-sky5-23ka-aaaj None 36.1.0
2025-06-07T19:06:05.333973+00:00 Debian Oval Importer Fixing VCID-jq1x-31sj-aaas None 36.1.0
2025-04-12T22:10:32.969559+00:00 Debian Oval Importer Fixing VCID-sky5-23ka-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:06:17.444183+00:00 Debian Oval Importer Fixing VCID-jq1x-31sj-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:46:54.935281+00:00 Debian Oval Importer Fixing VCID-ub64-azys-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-07T20:23:33.135168+00:00 Debian Oval Importer Fixing VCID-ub64-azys-aaaf None 36.0.0
2025-04-07T19:48:43.821407+00:00 Debian Oval Importer Fixing VCID-sky5-23ka-aaaj None 36.0.0
2025-04-07T17:43:56.638677+00:00 Debian Oval Importer Fixing VCID-jq1x-31sj-aaas None 36.0.0
2025-04-04T03:01:49.626969+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag None 36.0.0
2025-04-04T02:03:33.675219+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-02-20T17:49:23.018629+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-20T17:49:21.620198+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag None 35.1.0
2024-11-23T10:35:27.545184+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-10-10T08:52:12.313953+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-09-19T15:13:55.336489+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag https://security-tracker.debian.org/tracker/data/json 34.0.1
2024-04-25T12:21:59.840026+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-25T12:21:58.192094+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag None 34.0.0rc4
2024-01-11T14:15:34.691070+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-11T14:15:30.548021+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag None 34.0.0rc2
2024-01-04T23:46:57.967032+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-04T23:46:53.615013+00:00 Debian Importer Affected by VCID-gufu-nks1-aaag None 34.0.0rc1