Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2026-25210
CVE-2026-25210
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
Published Feb 5, 2026
https://github.com/advisories/GHSA-857q-6v86-xp84
CVSS Score
High
7.8
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
conan
bincrafters/expat
2.2.5
cocoapods
expat
2.1.1
cocoapods
expat
2.1
cocoapods
expat
2.2
conan
expat
2.2.10
conan
expat
2.2.7
conan
expat
2.2.8
conan
expat
2.2.9
conan
expat
2.3.0
conan
expat
2.4.1
conan
expat
2.4.2
conan
expat
2.4.3
conan
expat
2.4.4
conan
expat
2.4.5
conan
expat
2.4.6
conan
expat
2.4.7
conan
expat
2.4.8
conan
expat
2.4.9
conan
expat
2.5.0
conan
expat
2.6.0
conan
expat
2.6.1
conan
expat
2.6.2
conan
expat
2.6.3
conan
expat
2.6.4
conan
expat
2.7.0
conan
expat
2.7.1
conan
expat
2.7.2
conan
expat
2.7.3
nuget
expat
2.1.0.10
nuget
expat
2.1.0.11
nuget
expat
2.1.0.4
nuget
expat
2.1.0.5
nuget
expat
2.1.0.6
nuget
expat
2.1.0.8
rpm
expat
1.95.8-11.el5_8
rpm
expat
1.95.8-8.3.el5_5.3
rpm
expat
2.0.1-11.el6_2
rpm
expat
2.0.1-13.el6_8
rpm
expat
2.0.1-9.1.el6
rpm
expat
2.1.0-10.el7_3
rpm
expat
2.1.0-11.el7
rpm
expat
2.1.0-12.0.1.el7
rpm
expat
2.1.0-12.el7
rpm
expat
2.1.0-14.0.1.el7_9
rpm
expat
2.1.0-15.0.1.el7_9
rpm
expat
2.1.0-8.el7
rpm
expat
2.2.10-12.el9_0.2
rpm
expat
2.2.10-12.el9_0.3
rpm
expat
2.2.10-12.el9_0
rpm
expat
2.2.5-10.0.1.el8
1-50 of 162
CVE-2026-25210 | Components Impacted | Sonatype Guide | Sonatype Guide
