Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

fast-xml-parser

Ecosystem:
npm
Package URL:
pkg:npm/fast-xml-parser
Total PRs:
6,662 Dependabot PRs
Latest PR:
2 days ago
Unique Repositories:
3,746 repositories
Unique Repos (30 days):
214 repositories
Security Advisories
Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser
GHSA-jp2q-39xq-3w4g CVE-2026-33349 MODERATE published 3 months ago • updated 3 days ago
## Summary The `DocTypeReader` in fast-xml-parser uses JavaScript truthy checks to evaluate `maxEntityCount` and `maxEntitySize` configuration lim...
fast-xml-parser has RangeError DoS Numeric Entities Bug
GHSA-37qj-frw5-hhjh CVE-2026-25128 HIGH published 4 months ago • updated 1 day ago
### Summary A RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-range entity code po...
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
GHSA-x3cc-x39p-42qx CVE-2023-26920 MODERATE published almost 3 years ago • updated 3 days ago
### Impact As a part of this vulnerability, user was able to se code using `__proto__` as a tag or attribute name. ```js const { XMLParser, XMLBui...
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
GHSA-6w63-h3fj-q4vw CVE-2023-34104 HIGH published almost 3 years ago • updated 3 days ago
### Impact "fast-xml-parser" allows special characters in entity names, which are not escaped or sanitized. Since the entity name is used for creat...
fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
GHSA-m7jm-9gc2-mpf2 CVE-2026-25896 CRITICAL published 3 months ago • updated 26 days ago
# Entity encoding bypass via regex injection in DOCTYPE entity names ## Summary A dot (`.`) in a DOCTYPE entity name is treated as a regex wildca...
View all 11 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
chore(deps): bump the npm_and_yarn group across 3 directories with 20 updates

theinsightcentre/generative-ai-google #9

4.5.0 → 4.5.6 Patch PR
Closed 8 days ago 1 comment
theinsightcentre
chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates

GlacierEQ/langgraph #9

4.5.3 → 4.5.6 Patch PR
Open 11 days ago 4 comments
GlacierEQ
chore(deps): bump the npm_and_yarn group across 5 directories with 19 updates

GlacierEQ/langgraphjs #10

4.5.3 → 4.5.6 Patch PR
Open 12 days ago 4 comments
GlacierEQ
chore(deps): bump the npm_and_yarn group across 1 directory with 19 updates

atze1210/aa-sdk #277

4.5.3 → 4.5.6 Patch PR
Open 15 days ago 2 comments
atze1210
chore(deps): bump the npm-minor-patch group with 14 updates

ryanccn/moddermore #642

5.7.2 → 5.7.3 Patch PR
Open 21 days ago 2 comments
ryanccn
chore(deps): bump the npm_and_yarn group across 18 directories with 8 updates

arthrod/CopilotKit #51

4.5.0 → 4.5.6 Patch PR
Closed 21 days ago 3 comments
arthrod
build(deps): bump fast-xml-parser from 4.5.4 to 4.5.6

javier545dev/react-native-config-ultimate #28

4.5.4 → 4.5.6 Patch PR
Closed 22 days ago 2 comments
javier545dev
Bump the minor-and-patch group across 1 directory with 18 updates

REMEDiSSecurity/VulnRap.com #18

5.7.2 → 5.7.3 Patch PR
Open 23 days ago 1 comment
REMEDiSSecurity
chore(deps): Bump fast-xml-parser from 5.7.2 to 5.7.3

macieklamberski/feedsmith #299

5.7.2 → 5.7.3 Patch PR
Closed 24 days ago 2 comments
macieklamberski
chore(deps): bump fast-xml-parser from 5.7.2 to 5.7.3 in the production-dependencies group

jx-grxf/Caruso-Reborn #35

5.7.2 → 5.7.3 Patch PR
Open 24 days ago 1 comment
jx-grxf
build(deps): bump the simple group across 1 directory with 56 updates

sjwiesman/materialize #523

5.7.1 → 5.7.3 Patch PR
Closed 24 days ago 2 comments
sjwiesman
Bump the production-dependencies group across 1 directory with 4 updates

eagles-edu/sis #90

5.7.2 → 5.7.3 Patch PR
Closed 25 days ago 1 comment
eagles-edu
🔒 security: bump the production-dependencies group in /sheikha-main-portal with 15 updates

Sheikha-Market/Sheikha-Market #90

5.7.2 → 5.7.3 Patch PR
Open 25 days ago 2 comments
Sheikha-Market
chore(deps): bump the npm_and_yarn group across 1 directory with 15 updates

atze1210/aa-sdk #264

4.5.3 → 4.5.6 Patch PR
Open 26 days ago 2 comments
atze1210
chore(deps): bump the npm_and_yarn group across 18 directories with 10 updates

arthrod/CopilotKit #44

4.5.0 → 4.5.6 Patch PR
Open 26 days ago 1 comment
arthrod
deps(deps): bump the production-dependencies group with 13 updates

anantacloud-actions/artifact-upload #3

5.7.2 → 5.7.3 Patch PR
Closed 26 days ago 3 comments
anantacloud-actions
Bump the npm_and_yarn group across 13 directories with 6 updates

Sakzz1994/Dnetpvt #101

4.5.1 → 4.5.6 Patch PR
Open 27 days ago 3 comments
Sakzz1994
chore(deps): bump fast-xml-parser from 5.7.2 to 5.7.3

camalot/vscode-workspace-tasks #222

5.7.2 → 5.7.3 Patch PR
Open 27 days ago 1 comment
camalot
Bump the npm_and_yarn group across 19 directories with 6 updates

Sakzz1994/Dnetpvt #99

4.5.1 → 4.5.6 Patch PR
Open 28 days ago 5 comments
Sakzz1994
chore(deps): bump the production group across 1 directory with 7 updates

selfagency/unpress #22

5.7.2 → 5.7.3 Patch PR
Open 28 days ago 3 comments
selfagency
build(deps): bump the npm-dependencies group across 1 directory with 32 updates

mthakur5/pdf #9

5.7.1 → 5.7.3 Patch PR
Open 28 days ago 1 comment
mthakur5
chore(deps): bump the all-dependencies group across 1 directory with 9 updates

fcsonline/droneroute #30

5.7.1 → 5.7.3 Patch PR
Closed 28 days ago 2 comments
fcsonline
build(deps): bump the all-minor-patch group with 8 updates

ardatan/graphql-mesh #9473

5.7.2 → 5.7.3 Patch PR
Open 29 days ago 11 comments
ardatan
chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates

MetaMask/snap-7715-permissions #314

4.5.3 → 4.5.6 Patch PR
Closed 29 days ago 1 comment
MetaMask
Bump the npm_and_yarn group across 6 directories with 1 update

dragonflycapital/functions-samples #73

4.5.1 → 4.5.6 Patch PR
Closed 29 days ago 1 comment
dragonflycapital
deps(functions): bump the non-major group across 1 directory with 26 updates

jdealtia-sys/nobigdealwithjoedeal.com #126

5.7.1 → 5.7.3 Patch PR
Closed 29 days ago 2 comments
jdealtia-sys
chore(deps): bump fast-xml-parser from 5.7.2 to 5.7.3

izu-san/dsp-calc-tool #419

5.7.2 → 5.7.3 Patch PR
Open about 1 month ago 1 comment
izu-san
build(deps): Bump fast-xml-parser from 5.7.2 to 5.7.3

mitre/saf #7403

5.7.2 → 5.7.3 Patch PR
Open about 1 month ago 1 comment
mitre
Bump fast-xml-parser from 5.7.2 to 5.7.3

mitre/heimdall2 #8064

5.7.2 → 5.7.3 Patch PR
Open about 1 month ago 2 comments
mitre
chore(deps): bump the patch-updates group across 1 directory with 21 updates

openwallet-foundation/credo-ts #2775

4.5.5 → 4.5.6 Patch PR
Open about 1 month ago 1 comment
openwallet-foundation
build(deps): bump the npm_and_yarn group across 3 directories with 20 updates

MetaMask/snap-bitcoin-wallet #603

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 2 comments
MetaMask
chore: bump fast-xml-parser from 5.7.1 to 5.7.2 in /actions/parse-ci-reports in the npm-dependencies group

hoverkraft-tech/ci-github-common #523

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 1 comment
hoverkraft-tech
build(deps): bump the npm_and_yarn group across 4 directories with 17 updates

Dargon789/aa-sdk #143

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 2 comments
Dargon789
fix(deps): Bump the production-dependencies group across 1 directory with 29 updates

castor4bit/epub-image-extractor #278

5.7.0 → 5.7.2 Patch PR
Open about 1 month ago 2 comments
castor4bit
chore(deps): Bump the production-dependencies group with 6 updates

hirokisakabe/pom #690

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 8 comments
hirokisakabe
build(deps): bump the npm_and_yarn group across 39 directories with 6 updates

Dargon789/google-cloud-node #902

4.5.3 → 4.5.6 Patch PR
Closed about 1 month ago 2 comments
Dargon789
Bump fast-xml-parser from 4.5.3 to 4.5.6 in the npm_and_yarn group across 1 directory

matkicyt-coder/studio #4

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 1 comment
matkicyt-coder
build(deps): bump the npm_and_yarn group across 22 directories with 6 updates

Dargon789/google-cloud-node #895

4.5.3 → 4.5.6 Patch PR
Closed about 1 month ago 2 comments
Dargon789
chore(deps): bump the npm_and_yarn group across 2 directories with 28 updates

MetaMask/snap-simple-keyring #174

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 2 comments
MetaMask
build(deps): bump the npm_and_yarn group across 8 directories with 6 updates

Dargon789/google-cloud-node #891

4.5.3 → 4.5.6 Patch PR
Open about 1 month ago 1 comment
Dargon789
CLDR-19055 kbd:(deps): Bump fast-xml-parser from 5.7.0 to 5.7.2 in /tools/scripts/keyboard-abnf-tests

markusicu/cldr #212

5.7.0 → 5.7.2 Patch PR
Open about 1 month ago 1 comment
markusicu
Bump the npm_and_yarn group across 12 directories with 9 updates

docknetwork/wallet-sdk #508

4.5.5 → 4.5.6 Patch PR
Closed about 1 month ago 1 comment
docknetwork
chore(deps): bump fast-xml-parser from 5.7.1 to 5.7.2

camalot/vscode-workspace-tasks #211

5.7.1 → 5.7.2 Patch PR
Closed about 1 month ago 2 comments
camalot
chore(deps): bump the all-dependencies group with 6 updates

laststance/laststance.io #1626

5.7.1 → 5.7.2 Patch PR
Closed about 1 month ago 2 comments
laststance
chore(deps): bump the all-dependencies group in /examples/kit-nextjs-product-listing with 9 updates

sc-sobiyasivakumar/xmcloud-starter-js #236

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 2 comments
sc-sobiyasivakumar
chore(deps-dev): bump the all-dependencies group in /examples/kit-nextjs-skate-park with 2 updates

sc-sobiyasivakumar/xmcloud-starter-js #228

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 2 comments
sc-sobiyasivakumar
chore(deps-dev): bump fast-xml-parser from 5.7.1 to 5.7.2 in /examples/kit-nextjs-product-listing

sc-sobiyasivakumar/xmcloud-starter-js #208

5.7.1 → 5.7.2 Patch PR
Open about 1 month ago 2 comments
sc-sobiyasivakumar
build(deps): bump the npm-dependencies group across 1 directory with 30 updates

alam00000/bentopdf #687

5.7.1 → 5.7.2 Patch PR
Closed about 1 month ago 1 comment
alam00000
build(deps): bump fast-xml-parser from 5.7.1 to 5.7.2

tyamahori/higuma-notify #298

5.7.1 → 5.7.2 Patch PR
Closed about 1 month ago 1 comment
tyamahori
chore(deps): bump fast-xml-parser from 5.7.1 to 5.7.2

irfanshadikrishad/anilist #321

5.7.1 → 5.7.2 Patch PR
Closed about 1 month ago 1 comment
irfanshadikrishad
Package Details
Name: fast-xml-parser
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/fast-xml-parser
JSON API: View JSON
Security Advisories

11

Active advisories
CRITICAL 1
HIGH 5
MODERATE 3
LOW 2
View All npm Advisories
Package Information
Description:

Validate XML, Parse XML, Build XML without C/C++ based libraries

Repository: https://github.com/NaturalIntelligence/fast-xml-parser
Homepage: https://github.com/NaturalIntelligence/fast-xml-parser#readme
Latest Release: 5.2.3
about 1 year ago
Dependent Repos: 157,710
Dependent Packages: 1,935
Downloads: 136,945,118
Ranking: Top 0.0824% by dependent repos Top 0.0233% by downloads Top 0.0402% by dependent pkgs
PR Status
Open 2,488 (37.3%)
Merged 187 (2.8%)
Closed 3,770 (56.6%)
PR Types
Major 1,449 (21.8%)
Minor 3,002 (45.1%)
Patch 1,961 (29.4%)
Removal 19 (0.3%)