CWE-776
AllowedImproper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Abstraction: Base · Status: Draft
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
142 vulnerabilities reference this CWE, most recent first.
GHSA-W42R-MRX7-C633
Vulnerability from github – Published: 2025-07-07 12:30 – Updated: 2025-07-07 23:59An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting the Papers Loaders package before version 0.3.2 (in llama-index v0.10.0 and above through v0.12.29). This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version 0.3.2 (in llama-index 0.12.29).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "llama-index-readers-papers"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-3225"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-07T23:59:01Z",
"nvd_published_at": "2025-07-07T10:15:27Z",
"severity": "HIGH"
},
"details": "An XML Entity Expansion vulnerability, also known as a \u0027billion laughs\u0027 attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting the Papers Loaders package before version 0.3.2 (in llama-index v0.10.0 and above through v0.12.29). This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version 0.3.2 (in llama-index 0.12.29).",
"id": "GHSA-w42r-mrx7-c633",
"modified": "2025-07-07T23:59:01Z",
"published": "2025-07-07T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3225"
},
{
"type": "WEB",
"url": "https://github.com/run-llama/llama_index/commit/4f6ee062b19212106a2632af9c9521fc7f0a3584"
},
{
"type": "PACKAGE",
"url": "https://github.com/run-llama/llama_index"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/e33c0699-e9a2-49aa-837b-5363205637a2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser"
}
GHSA-W4WG-C34C-JF6J
Vulnerability from github – Published: 2025-08-12 15:31 – Updated: 2025-08-12 15:31XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service
{
"affected": [],
"aliases": [
"CVE-2025-5466"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T15:15:31Z",
"severity": "MODERATE"
},
"details": "XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service",
"id": "GHSA-w4wg-c34c-jf6j",
"modified": "2025-08-12T15:31:20Z",
"published": "2025-08-12T15:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5466"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/August-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-Multiple-CVEs?language=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WCGR-63G6-PJ93
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
{
"affected": [],
"aliases": [
"CVE-2021-3541"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-09T17:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.",
"id": "GHSA-wcgr-63g6-pj93",
"modified": "2022-05-24T19:07:20Z",
"published": "2022-05-24T19:07:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210805-0007"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WHF4-FPJ8-PGG8
Vulnerability from github – Published: 2024-06-07 21:31 – Updated: 2025-03-31 13:36An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ebookmeta"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-36827"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-07T21:54:40Z",
"nvd_published_at": "2024-06-07T19:15:24Z",
"severity": "HIGH"
},
"details": "An XML External Entity (XXE) vulnerability in the `ebookmeta.get_metadata` function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input.",
"id": "GHSA-whf4-fpj8-pgg8",
"modified": "2025-03-31T13:36:20Z",
"published": "2024-06-07T21:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36827"
},
{
"type": "WEB",
"url": "https://github.com/dnkorpushov/ebookmeta/issues/16#issue-2317712335"
},
{
"type": "PACKAGE",
"url": "https://github.com/dnkorpushov/ebookmeta"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ebookmeta/PYSEC-2024-76.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "ebookmeta XML External Entity vulnerability"
}
GHSA-WQPF-2J2M-Q8Q9
Vulnerability from github – Published: 2022-05-24 17:24 – Updated: 2022-05-24 17:24IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.
{
"affected": [],
"aliases": [
"CVE-2020-4377"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-03T13:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.",
"id": "GHSA-wqpf-2j2m-q8q9",
"modified": "2022-05-24T17:24:53Z",
"published": "2022-05-24T17:24:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4377"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179156"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6252853"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-X6RX-7HMF-R792
Vulnerability from github – Published: 2022-05-24 17:15 – Updated: 2024-04-04 02:49InstallBuilder AutoUpdate tool and regular installers enabling built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).
{
"affected": [],
"aliases": [
"CVE-2020-3946"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-20T20:15:00Z",
"severity": "HIGH"
},
"details": "InstallBuilder AutoUpdate tool and regular installers enabling \u003ccheckForUpdates\u003e built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).",
"id": "GHSA-x6rx-7hmf-r792",
"modified": "2024-04-04T02:49:57Z",
"published": "2022-05-24T17:15:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3946"
},
{
"type": "WEB",
"url": "https://blog.installbuilder.com/2019/12/configure-autoupdate-project-settings.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X9C5-C5MJ-WJJX
Vulnerability from github – Published: 2022-05-01 23:58 – Updated: 2025-04-09 03:57libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
{
"affected": [],
"aliases": [
"CVE-2008-3281"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-08-27T20:41:00Z",
"severity": "MODERATE"
},
"details": "libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.",
"id": "GHSA-x9c5-c5mj-wjjx",
"modified": "2025-04-09T03:57:49Z",
"published": "2022-05-01T23:58:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3281"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458086"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812"
},
{
"type": "WEB",
"url": "https://rhn.redhat.com/errata/RHSA-2008-0836.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/644-1"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000039.html"
},
{
"type": "WEB",
"url": "http://mail.gnome.org/archives/xml/2008-August/msg00034.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31558"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31566"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31590"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31728"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31748"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31855"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31982"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32488"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32807"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32974"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35379"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200812-06.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3613"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3639"
},
{
"type": "WEB",
"url": "http://svn.gnome.org/viewvc/libxml2?view=revision\u0026revision=3772"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0325"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2008/dsa-1631"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:180"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/30783"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1020728"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-640-1"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2419"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2843"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"type": "WEB",
"url": "http://xmlsoft.org/news.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XHW9-WR24-M88V
Vulnerability from github – Published: 2024-06-14 03:31 – Updated: 2024-07-04 06:35Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL.
{
"affected": [],
"aliases": [
"CVE-2024-27142"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-14T03:15:10Z",
"severity": "MODERATE"
},
"details": "Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve information. As for the affected products/models/versions, see the reference URL.",
"id": "GHSA-xhw9-wr24-m88v",
"modified": "2024-07-04T06:35:01Z",
"published": "2024-06-14T03:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27142"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU97136265/index.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/20240531_01.html"
},
{
"type": "WEB",
"url": "https://www.toshibatec.com/information/pdf/information20240531_01.pdf"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jul/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP8P-9RQ5-4WGV
Vulnerability from github – Published: 2022-05-17 03:16 – Updated: 2023-08-03 21:53The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zendframework"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.4.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zendframework"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zendframework1"
},
"ranges": [
{
"events": [
{
"introduced": "1.12.0"
},
{
"fixed": "1.12.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zendxml"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zendframework"
},
"ranges": [
{
"events": [
{
"introduced": "1.12.0"
},
{
"fixed": "1.12.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-5161"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-03T21:53:46Z",
"nvd_published_at": "2015-08-25T17:59:00Z",
"severity": "MODERATE"
},
"details": "The `Zend_Xml_Security::scan` in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.",
"id": "GHSA-xp8p-9rq5-4wgv",
"modified": "2023-08-03T21:53:46Z",
"published": "2022-05-17T03:16:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5161"
},
{
"type": "WEB",
"url": "https://github.com/zendframework/zf1/issues/393"
},
{
"type": "WEB",
"url": "https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532"
},
{
"type": "WEB",
"url": "https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b"
},
{
"type": "WEB",
"url": "https://framework.zend.com/security/advisory/ZF2015-06"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/37765"
},
{
"type": "WEB",
"url": "http://framework.zend.com/security/advisory/ZF2015-06"
},
{
"type": "WEB",
"url": "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2015/Aug/46"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3340"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/76177"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "ZendXml and Zend Framework contain XXE and XEE Vulnerabilities"
}
GHSA-XPQW-6GX7-V673
Vulnerability from github – Published: 2026-03-04 22:59 – Updated: 2026-03-06 21:58Summary
SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 bytes) stalling the application and even crashing the Node.js process with JavaScript heap out of memory.
Details
The upstream XML parser (sax) doesn't interpret custom XML entities by default. We pattern matched custom XML entities from the DOCTYPE, inserting them into parser.ENTITIES, and enabled unparsedEntities. This gives us the desired behavior of supporting SVGs with entities declared in the DOCTYPE.
However, entities can reference other entities, which can enable small SVGs to explode exponentially when we try to parse them.
Proof of Concept
import { optimize } from 'svgo';
/** Presume that this string was obtained in some other way, such as network. */
const original = `
<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ELEMENT lolz (#PCDATA)>
<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
`;
optimize(original);
Impact
If SVGO is run on untrusted input (i.e., user uploaded to server-side application), then the untrusted SVG can effectively stall or crash the application with an SVG < 1 KB in size.
It's unlikely to impact users who just use SVGO locally on their own SVGs or in build pipelines.
Patches
SVGO has patched v4.0.1, v3.3.3, and v2.8.1! However, it's strongly recommended to upgrade to v4 regardless, as previous versions are not officially supported anymore.
Workarounds
== 4.0.0
For v4, users do not specifically have to upgrade SVGO, though it is recommended to do so. A package manager can be used to upgrade sax recursively:
For example:
yarn up -R sax
New options were introduced upstream which makes the way SVGO parses SVGs safe by default.
>= 2.1.0, <= 3.3.2
Users of v3 and v2 will have to take manual action. If users can't upgrade, they may be able to work around this as long as the project doesn't require support for custom XML entities, though it's not a simple flag.
Parse the DOCTYPE directly and check for the presence of custom entities. If entities are present, throw/escape before passing them to SVGO.
+ import SAX from 'sax';
import { optimize } from 'svgo';
- const original =`
+ let original = `
<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ELEMENT lolz (#PCDATA)>
<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
`;
+ const parser = SAX.parser();
+ /** @param {string} doctype */
+ parser.ondoctype = (doctype) => {
+ original = original.replace(doctype, '');
+ }
+ parser.write(original);
optimize(original);
Resources
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "svgo"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "svgo"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "svgo"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.0"
]
}
],
"aliases": [
"CVE-2026-29074"
],
"database_specific": {
"cwe_ids": [
"CWE-776"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-04T22:59:28Z",
"nvd_published_at": "2026-03-06T08:16:26Z",
"severity": "HIGH"
},
"details": "### Summary\n\nSVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 bytes) stalling the application and even crashing the Node.js process with `JavaScript heap out of memory`.\n\n### Details\n\nThe upstream XML parser ([sax](https://www.npmjs.com/package/sax)) doesn\u0027t interpret custom XML entities by default. We pattern matched custom XML entities from the `DOCTYPE`, inserting them into `parser.ENTITIES`, and enabled `unparsedEntities`. This gives us the desired behavior of supporting SVGs with entities declared in the `DOCTYPE`.\n\nHowever, entities can reference other entities, which can enable small SVGs to explode exponentially when we try to parse them.\n\n#### Proof of Concept\n\n```js\nimport { optimize } from \u0027svgo\u0027;\n\n/** Presume that this string was obtained in some other way, such as network. */\nconst original = `\n \u003c?xml version=\"1.0\"?\u003e\n \u003c!DOCTYPE lolz [\n \u003c!ENTITY lol \"lol\"\u003e\n \u003c!ELEMENT lolz (#PCDATA)\u003e\n \u003c!ENTITY lol1 \"\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\"\u003e\n \u003c!ENTITY lol2 \"\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\"\u003e\n \u003c!ENTITY lol3 \"\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\"\u003e\n \u003c!ENTITY lol4 \"\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\"\u003e\n \u003c!ENTITY lol5 \"\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\"\u003e\n \u003c!ENTITY lol6 \"\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\"\u003e\n \u003c!ENTITY lol7 \"\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\"\u003e\n \u003c!ENTITY lol8 \"\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\"\u003e\n \u003c!ENTITY lol9 \"\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\"\u003e\n ]\u003e\n \u003clolz\u003e\u0026lol9;\u003c/lolz\u003e\n`;\n\noptimize(original);\n```\n\n### Impact\n\nIf SVGO is run on untrusted input (i.e., user uploaded to server-side application), then the untrusted SVG can effectively stall or crash the application with an SVG \u003c 1\u00a0KB in size.\n\nIt\u0027s unlikely to impact users who just use SVGO locally on their own SVGs or in build pipelines.\n\n### Patches\n\nSVGO has patched v4.0.1, v3.3.3, and v2.8.1! However, it\u0027s strongly recommended to upgrade to v4 regardless, as previous versions are not officially supported anymore.\n\n### Workarounds\n\n#### == 4.0.0\n\nFor v4, users do not specifically have to upgrade SVGO, though it is recommended to do so. A package manager can be used to upgrade sax recursively:\n\nFor example:\n\n```sh\nyarn up -R sax\n```\n\nNew options were introduced upstream which makes the way SVGO parses SVGs safe by default.\n\n#### \u003e= 2.1.0, \u003c= 3.3.2\n\nUsers of v3 and v2 will have to take manual action. If users can\u0027t upgrade, they may be able to work around this as long as the project doesn\u0027t require support for custom XML entities, though it\u0027s not a simple flag.\n\nParse the DOCTYPE directly and check for the presence of custom entities. If entities are present, throw/escape before passing them to SVGO.\n\n```diff\n+ import SAX from \u0027sax\u0027;\n import { optimize } from \u0027svgo\u0027;\n\n- const original =`\n+ let original = `\n \u003c?xml version=\"1.0\"?\u003e\n \u003c!DOCTYPE lolz [\n \u003c!ENTITY lol \"lol\"\u003e\n \u003c!ELEMENT lolz (#PCDATA)\u003e\n \u003c!ENTITY lol1 \"\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\u0026lol;\"\u003e\n \u003c!ENTITY lol2 \"\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\u0026lol1;\"\u003e\n \u003c!ENTITY lol3 \"\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\u0026lol2;\"\u003e\n \u003c!ENTITY lol4 \"\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\u0026lol3;\"\u003e\n \u003c!ENTITY lol5 \"\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\u0026lol4;\"\u003e\n \u003c!ENTITY lol6 \"\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\u0026lol5;\"\u003e\n \u003c!ENTITY lol7 \"\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\u0026lol6;\"\u003e\n \u003c!ENTITY lol8 \"\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\u0026lol7;\"\u003e\n \u003c!ENTITY lol9 \"\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\u0026lol8;\"\u003e\n ]\u003e\n \u003clolz\u003e\u0026lol9;\u003c/lolz\u003e\n `;\n\n+ const parser = SAX.parser();\n+ /** @param {string} doctype */\n+ parser.ondoctype = (doctype) =\u003e {\n+ original = original.replace(doctype, \u0027\u0027);\n+ }\n+ parser.write(original);\n\n optimize(original);\n```\n\n### Resources\n\n* [Wikipedia: Billion laughs attack](https://en.wikipedia.org/wiki/Billion_laughs_attack)",
"id": "GHSA-xpqw-6gx7-v673",
"modified": "2026-03-06T21:58:08Z",
"published": "2026-03-04T22:59:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"type": "PACKAGE",
"url": "https://github.com/svg/svgo"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)"
}
Mitigation
If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities.
Mitigation
Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content.
CAPEC-197: Exponential Data Expansion
An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.