Security
Headlines

Headlines Latest CVEs

Headline

GHSA-24hm-wm2h-h8w7: Peppol-py is vulnerable to XXE attacks due to Saxon configuration

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host.

6 days ago

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-66371

Peppol-py is vulnerable to XXE attacks due to Saxon configuration

Moderate severity GitHub Reviewed Published Nov 28, 2025 to the GitHub Advisory Database • Updated Dec 1, 2025

Package

pip peppol_py (pip)

Affected versions

< 1.1.1

Description

Published to the GitHub Advisory Database

Nov 28, 2025

ghsa: Latest News

GHSA-2cgv-28vr-rv6j: libcrux incorrectly calculates on aarch64

8 hours ago

GHSA-4hr2-xf7w-jf76: Central Dogma's Login Function Has an Open Redirect Vulnerability

9 hours ago

GHSA-9gqj-5w7c-vx47: Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing

9 hours ago

GHSA-869p-cjfg-cm3x: auth0/node-jws Improperly Verifies HMAC Signature

9 hours ago

GHSA-wvxp-jp4w-w8wg: mcp-server-kubernetes has potential security issue in exec_in_pod tool

1 day ago