fast-xml-builder

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting fast-xml-builderpage 1 of 1

CVE-2026-44664MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.1.6
2026-05-13
vulnerable: 1.1.5
fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace(/--/g, '- -'). This skip the values containing three consecutive dashes (e.g., --->…
CVE-2026-44665MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.1.7
2026-05-13
fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to in…

Check whether fast-xml-builder is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for fast-xml-builder CVEs against the assets you own.

Start Free Scan →