Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-x3vf-39hj-gxr4: Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez

Bio.Entrez in Biopython through 1.86 allows doctype XXE.

ghsa
Open in Source
#git#intel

Skip to content

Navigation Menu

    • AI CODE CREATION

      • GitHub CopilotWrite better code with AI

      • GitHub SparkBuild and deploy intelligent apps

      • GitHub ModelsManage and compare prompts

      • MCP RegistryNewIntegrate external tools

View all features
  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-68463

Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez

Moderate severity GitHub Reviewed Published Dec 18, 2025 to the GitHub Advisory Database • Updated Dec 18, 2025

Package

pip biopython (pip)

Affected versions

<= 1.86

Description

Published to the GitHub Advisory Database

Dec 18, 2025

Last updated

Dec 18, 2025

EPSS score

ghsa: Latest News

GHSA-24v3-254g-jv85: Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature
ghsa