Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-66371
CVE-2025-66371
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host.
Published Dec 1, 2025
https://github.com/iterasdev/peppol-py/releases/tag/1.1.1
CVSS Score
Medium
5.0
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
pypi
peppol-py
1.0.0
pypi
peppol-py
1.1.0
1-2 of 2
CVE-2025-66371 | Components Impacted | Sonatype Guide | Sonatype Guide
