Skip to content

[automatic] Update 27 advisories for XML2_jll and XSLT_jll #205

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 28, 2025
Merged

[automatic] Update 27 advisories for XML2_jll and XSLT_jll #205

merged 1 commit into from
Oct 28, 2025

Conversation

@jlsec-bot
Copy link
Contributor

@jlsec-bot jlsec-bot commented Oct 22, 2025

This action searched --project=libxml2, checking 100 (+0) advisories from NVD and 6 (+1) from EUVD for advisories that pertain here. It identified 27 advisories as being related to the Julia package(s): XML2_jll, and XSLT_jll.

27 advisories found concrete vulnerable ranges

  • CVE-2016-3709 for packages: XML2_jll
    • XML2_jll computed ["< 2.9.12+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2019-19956 for packages: XML2_jll
    • XML2_jll computed ["< 2.9.10+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2019-20388 for packages: XML2_jll
    • XML2_jll computed [">= 2.9.10+0, < 2.9.12+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2020-24977 for packages: XML2_jll
    • XML2_jll computed [">= 2.9.10+0, < 2.9.12+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2020-7595 for packages: XML2_jll
    • XML2_jll computed [">= 2.9.10+0, < 2.9.12+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2021-3517 for packages: XML2_jll
    • XML2_jll computed ["< 2.9.12+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2021-3518 for packages: XML2_jll
    • XML2_jll computed ["< 2.9.12+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2021-3537 for packages: XML2_jll
    • XML2_jll computed ["< 2.9.12+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2021-3541 for packages: XML2_jll
    • XML2_jll computed ["< 2.9.12+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2022-23308 for packages: XML2_jll
    • XML2_jll computed ["< 2.9.14+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2022-29824 for packages: XML2_jll, and XSLT_jll
    • XML2_jll computed ["< 2.9.14+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
    • XSLT_jll computed ["< 1.1.41+0"]. Its latest version (1.1.43+0) has components: {libxslt = "1.1.43"}
  • CVE-2022-40303 for packages: XML2_jll
    • XML2_jll computed ["< 2.10.3+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2022-40304 for packages: XML2_jll
    • XML2_jll computed ["< 2.10.3+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2022-49043 for packages: XML2_jll
    • XML2_jll computed ["< 2.12.0+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2023-28484 for packages: XML2_jll
    • XML2_jll computed ["< 2.10.4+0", ">= 2.11.5+0, < 2.12.0+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2023-29469 for packages: XML2_jll
    • XML2_jll computed ["< 2.10.4+0", ">= 2.11.5+0, < 2.12.0+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2023-39615 for packages: XML2_jll
    • XML2_jll computed [">= 2.11.5+0, < 2.12.0+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2023-45322 for packages: XML2_jll
    • XML2_jll computed ["< 2.12.0+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2024-25062 for packages: XML2_jll
    • XML2_jll computed ["< 2.12.5+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2024-34459 for packages: XML2_jll
    • XML2_jll computed ["< 2.12.7+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2024-56171 for packages: XML2_jll
    • XML2_jll computed ["< 2.13.6+1"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2025-24928 for packages: XML2_jll
    • XML2_jll computed ["< 2.13.6+1"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2025-27113 for packages: XML2_jll
    • XML2_jll computed ["< 2.13.6+1"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2025-32414 for packages: XML2_jll
    • XML2_jll computed ["< 2.13.8+0", ">= 2.14.1+0, < 2.14.4+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2025-32415 for packages: XML2_jll
    • XML2_jll computed ["< 2.13.8+0", ">= 2.14.1+0, < 2.14.4+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2025-6021 for packages: XML2_jll
    • XML2_jll computed ["< 2.14.4+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2025-9714 for packages: XML2_jll
    • XML2_jll computed ["< 2.10.3+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}

@jlsec-bot jlsec-bot force-pushed the search-project_libxml2 branch from 1683209 to 2dcc893 Compare October 22, 2025 22:39
@mbauman mbauman force-pushed the search-project_libxml2 branch from 2dcc893 to 482ff71 Compare October 27, 2025 15:54
@jlsec-bot jlsec-bot force-pushed the search-project_libxml2 branch from 482ff71 to 92cf36d Compare October 28, 2025 18:09
@jlsec-bot jlsec-bot changed the title [automatic] Publish and update 27 advisories for XML2_jll and XSLT_jll [automatic] Update 27 advisories for XML2_jll and XSLT_jll Oct 28, 2025
@mbauman mbauman merged commit da5d317 into JuliaLang:main Oct 28, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jlsec-bot @mbauman