Vuln
·
Scope
Home
Packages
KEV
Critical
Insights
Jobs
Pricing
EN
中
Loading…
Debian/node-webfont — 7 CVEs · VulnScope
pkg:Debian/
node-webfont
7 total CVEs
CRITICAL
1
HIGH
3
MEDIUM
3
✅ Check your installed version
Check
All known vulnerabilities
CRITICAL
9.3
CVE-2026-25896
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
from 0
HIGH
7.5
CVE-2026-33036
fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)
from 0
HIGH
7.5
CVE-2026-27942
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
from 0
HIGH
7.5
fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)
from 0
MEDIUM
6.5
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
from 0
MEDIUM
6.1
fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
from 0
MEDIUM
5.9
Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser
from 0
CVE-2026-26278
CVE-2023-26920
CVE-2026-41650
CVE-2026-33349