Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

fast-xml-parser

Ecosystem:
npm
Package URL:
pkg:npm/fast-xml-parser
Total PRs:
6,662 Dependabot PRs
Latest PR:
3 days ago
Unique Repositories:
3,746 repositories
Unique Repos (30 days):
214 repositories
Security Advisories
Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser
GHSA-jp2q-39xq-3w4g CVE-2026-33349 MODERATE published 3 months ago • updated 3 days ago
## Summary The `DocTypeReader` in fast-xml-parser uses JavaScript truthy checks to evaluate `maxEntityCount` and `maxEntitySize` configuration lim...
fast-xml-parser has RangeError DoS Numeric Entities Bug
GHSA-37qj-frw5-hhjh CVE-2026-25128 HIGH published 4 months ago • updated 1 day ago
### Summary A RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-range entity code po...
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
GHSA-x3cc-x39p-42qx CVE-2023-26920 MODERATE published almost 3 years ago • updated 3 days ago
### Impact As a part of this vulnerability, user was able to se code using `__proto__` as a tag or attribute name. ```js const { XMLParser, XMLBui...
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
GHSA-6w63-h3fj-q4vw CVE-2023-34104 HIGH published almost 3 years ago • updated 3 days ago
### Impact "fast-xml-parser" allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creat...
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
GHSA-m7jm-9gc2-mpf2 CVE-2026-25896 CRITICAL published 3 months ago • updated 27 days ago
# Entity encoding bypass via regex injection in DOCTYPE entity names ## Summary A dot (`.`) in a DOCTYPE entity name is treated as a regex wildca...
View all 11 advisories
Recent PRs (filtered by: Open , Patch PRs )
RSS Feed Clear filter
chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates

GlacierEQ/langgraph #9

4.5.3 → 4.5.6 Patch PR
Open 11 days ago 4 comments
GlacierEQ
chore(deps): bump the npm_and_yarn group across 5 directories with 19 updates

GlacierEQ/langgraphjs #10

4.5.3 → 4.5.6 Patch PR
Open 12 days ago 4 comments
GlacierEQ
chore(deps): bump the npm_and_yarn group across 1 directory with 19 updates

atze1210/aa-sdk #277

4.5.3 → 4.5.6 Patch PR
Open 15 days ago 2 comments
atze1210
chore(deps): bump the npm-minor-patch group with 14 updates

ryanccn/moddermore #642

5.7.2 → 5.7.3 Patch PR
Open 21 days ago 2 comments
ryanccn
Bump the minor-and-patch group across 1 directory with 18 updates

REMEDiSSecurity/VulnRap.com #18

5.7.2 → 5.7.3 Patch PR
Open 24 days ago 1 comment
REMEDiSSecurity
chore(deps): bump fast-xml-parser from 5.7.2 to 5.7.3 in the production-dependencies group

jx-grxf/Caruso-Reborn #35

5.7.2 → 5.7.3 Patch PR
Open 24 days ago 1 comment
jx-grxf
🔒 security: bump the production-dependencies group in /sheikha-main-portal with 15 updates

Sheikha-Market/Sheikha-Market #90

5.7.2 → 5.7.3 Patch PR
Open 26 days ago 2 comments
Sheikha-Market
chore(deps): bump the npm_and_yarn group across 1 directory with 15 updates

atze1210/aa-sdk #264

4.5.3 → 4.5.6 Patch PR
Open 26 days ago 2 comments
atze1210
chore(deps): bump the npm_and_yarn group across 18 directories with 10 updates

arthrod/CopilotKit #44

4.5.0 → 4.5.6 Patch PR
Open 26 days ago 1 comment
arthrod
Bump the npm_and_yarn group across 13 directories with 6 updates

Sakzz1994/Dnetpvt #101

4.5.1 → 4.5.6 Patch PR
Open 27 days ago 3 comments
Sakzz1994
chore(deps): bump fast-xml-parser from 5.7.2 to 5.7.3

camalot/vscode-workspace-tasks #222

5.7.2 → 5.7.3 Patch PR
Open 27 days ago 1 comment
camalot
Bump the npm_and_yarn group across 19 directories with 6 updates

Sakzz1994/Dnetpvt #99

4.5.1 → 4.5.6 Patch PR
Open 28 days ago 5 comments
Sakzz1994
chore(deps): bump the production group across 1 directory with 7 updates

selfagency/unpress #22

5.7.2 → 5.7.3 Patch PR
Open 28 days ago 3 comments
selfagency
build(deps): bump the npm-dependencies group across 1 directory with 32 updates

mthakur5/pdf #9

5.7.1 → 5.7.3 Patch PR
Open 29 days ago 1 comment
mthakur5
build(deps): bump the all-minor-patch group with 8 updates

ardatan/graphql-mesh #9473

5.7.2 → 5.7.3 Patch PR
Open 29 days ago 11 comments
ardatan
chore(deps): bump fast-xml-parser from 5.7.2 to 5.7.3

izu-san/dsp-calc-tool #419

5.7.2 → 5.7.3 Patch PR
Open about 1 month ago 1 comment
izu-san
build(deps): Bump fast-xml-parser from 5.7.2 to 5.7.3

mitre/saf #7403

5.7.2 → 5.7.3 Patch PR
Open about 1 month ago 1 comment
mitre
Bump fast-xml-parser from 5.7.2 to 5.7.3

mitre/heimdall2 #8064

5.7.2 → 5.7.3 Patch PR
Open about 1 month ago 2 comments
mitre
chore(deps): bump the patch-updates group across 1 directory with 21 updates

openwallet-foundation/credo-ts #2775

4.5.5 → 4.5.6 Patch PR
Open about 1 month ago 1 comment
openwallet-foundation
build(deps): bump the npm_and_yarn group across 3 directories with 20 updates

MetaMask/snap-bitcoin-wallet #603

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 2 comments
MetaMask
chore: bump fast-xml-parser from 5.7.1 to 5.7.2 in /actions/parse-ci-reports in the npm-dependencies group

hoverkraft-tech/ci-github-common #523

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 1 comment
hoverkraft-tech
build(deps): bump the npm_and_yarn group across 4 directories with 17 updates

Dargon789/aa-sdk #143

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 2 comments
Dargon789
fix(deps): Bump the production-dependencies group across 1 directory with 29 updates

castor4bit/epub-image-extractor #278

5.7.0 → 5.7.2 Patch PR
Open about 1 month ago 2 comments
castor4bit
chore(deps): Bump the production-dependencies group with 6 updates

hirokisakabe/pom #690

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 8 comments
hirokisakabe
Bump fast-xml-parser from 4.5.3 to 4.5.6 in the npm_and_yarn group across 1 directory

matkicyt-coder/studio #4

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 1 comment
matkicyt-coder
chore(deps): bump the npm_and_yarn group across 2 directories with 28 updates

MetaMask/snap-simple-keyring #174

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 2 comments
MetaMask
build(deps): bump the npm_and_yarn group across 8 directories with 6 updates

Dargon789/google-cloud-node #891

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 1 comment
Dargon789
CLDR-19055 kbd:(deps): Bump fast-xml-parser from 5.7.0 to 5.7.2 in /tools/scripts/keyboard-abnf-tests

markusicu/cldr #212

5.7.0 → 5.7.2 Patch PR
Open about 1 month ago 1 comment
markusicu
chore(deps): bump the all-dependencies group in /examples/kit-nextjs-product-listing with 9 updates

sc-sobiyasivakumar/xmcloud-starter-js #236

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 2 comments
sc-sobiyasivakumar
chore(deps-dev): bump the all-dependencies group in /examples/kit-nextjs-skate-park with 2 updates

sc-sobiyasivakumar/xmcloud-starter-js #228

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 2 comments
sc-sobiyasivakumar
chore(deps-dev): bump fast-xml-parser from 5.7.1 to 5.7.2 in /examples/kit-nextjs-product-listing

sc-sobiyasivakumar/xmcloud-starter-js #208

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 2 comments
sc-sobiyasivakumar
chore(deps-dev): bump the all-dependencies group in /examples/kit-nextjs-skate-park with 2 updates

sc-shakyawijerathne/xmcloud-starter-js #213

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 2 comments
sc-shakyawijerathne
chore(deps): bump the patch-updates group across 1 directory with 19 updates

openwallet-foundation/credo-ts #2767

4.5.5 → 4.5.6 Patch PR
Open about 1 month ago 1 comment
openwallet-foundation
build(deps): bump the minor-and-patch group across 1 directory with 10 updates

mohammed-alsalhi/Arkivel #37

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 1 comment
mohammed-alsalhi
deps: bump the production-dependencies group across 1 directory with 60 updates

GeorgeMwiki/BOSSNYUMBA101 #42

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 1 comment
GeorgeMwiki
chore(deps): bump fast-xml-parser from 5.7.1 to 5.7.2

abhishekdutta18/blogspro #174

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 1 comment
abhishekdutta18
🔒 security: bump the production-dependencies group in /sheikha-main-portal with 8 updates

Sheikha-Market/Sheikha-Market #73

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 2 comments
Sheikha-Market
chore(deps): bump the minor-and-patch group with 14 updates

OpenDigitalProductFactory/opendigitalproductfactory #258

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 1 comment
OpenDigitalProductFactory
chore(deps): bump the npm-all group with 6 updates

alexander-turner/TurnTrout.com #1202

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 5 comments
alexander-turner
build(deps): bump the npm-dependencies group with 30 updates

mthakur5/pdf #6

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 1 comment
mthakur5
chore(deps): bump fast-xml-parser from 5.7.1 to 5.7.2

ggfevans/gvns.ca #230

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 3 comments
ggfevans
chore(deps): bump the npm_and_yarn group across 1 directory with 15 updates

atze1210/aa-sdk #251

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 2 comments
atze1210
chore(deps): bump the npm_and_yarn group across 1 directory with 15 updates

atze1210/aa-sdk #250

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 2 comments
atze1210
chore(deps): bump the npm_and_yarn group across 1 directory with 14 updates

atze1210/aa-sdk #248

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 3 comments
atze1210
chore(deps): Bump fast-xml-parser from 4.5.4 to 4.5.6 in /mobile in the npm_and_yarn group across 1 directory

Meats-Central/ProjectMeats #4632

4.5.4 → 4.5.6 Patch PR
Open about 1 month ago 1 comment
Meats-Central
Bump fast-xml-parser from 4.5.3 to 4.5.6 in /functions

gbao86/tim_kiem_sach #4

4.5.3 → 4.5.6 Patch PR
Open about 2 months ago 1 comment
gbao86
chore(deps): bump the patch-updates group across 1 directory with 15 updates

openwallet-foundation/credo-ts #2758

4.5.5 → 4.5.6 Patch PR
Open about 2 months ago 1 comment
openwallet-foundation
Bump the npm_and_yarn group across 1 directory with 10 updates

billlzzz18/ai-sandbox #3

4.5.4 → 4.5.6 Patch PR
Open about 2 months ago 3 comments
billlzzz18
chore(deps): bump fast-xml-parser from 4.5.3 to 4.5.6 in /apps/control-plane

Joedaddy66/agf-sovereign-nexus #78

4.5.3 → 4.5.6 Patch PR
Open about 2 months ago 1 comment
Joedaddy66
Upgrade: [dependabot] - bump fast-xml-parser from 5.5.10 to 5.5.11

NHSDigital/electronic-prescription-service-clinical-prescription-tracker #1889

5.5.10 → 5.5.11 Patch PR
Open about 2 months ago 1 comment
NHSDigital
Package Details
Name: fast-xml-parser
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/fast-xml-parser
JSON API: View JSON
Security Advisories

11

Active advisories
CRITICAL 1
HIGH 5
MODERATE 3
LOW 2
View All npm Advisories
Package Information
Description:

Validate XML, Parse XML, Build XML without C/C++ based libraries

Repository: https://github.com/NaturalIntelligence/fast-xml-parser
Homepage: https://github.com/NaturalIntelligence/fast-xml-parser#readme
Latest Release: 5.2.3
about 1 year ago
Dependent Repos: 157,710
Dependent Packages: 1,935
Downloads: 136,945,118
Ranking: Top 0.0824% by dependent repos Top 0.0233% by downloads Top 0.0402% by dependent pkgs
PR Status
Open 2,488 (37.3%)
Merged 187 (2.8%)
Closed 3,770 (56.6%)
PR Types
Major 1,449 (21.8%)
Minor 3,002 (45.1%)
Patch 1,961 (29.4%)
Removal 19 (0.3%)