pkg:Debian/node-webfont

All known vulnerabilities

• CRITICAL9.3CVE-2026-25896fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names
  from 0
• HIGH7.5CVE-2026-33036fast-xml-parser affected by numeric entity expansion bypassing all entity expansion limits (incomplete fix for CVE-2026-26278)
  from 0
• HIGH7.5CVE-2026-27942fast-xml-parser has stack overflow in XMLBuilder with preserveOrder
  from 0
• HIGH7.5CVE-2026-26278fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit)
  from 0
• MEDIUM6.5CVE-2023-26920fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
  from 0
• MEDIUM6.1CVE-2026-41650fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
  from 0
• MEDIUM5.9CVE-2026-33349Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser
  from 0