{"id":"CLEANSTART-2026-EM10970","summary":"Security fixes for CVE-2017-9233, CVE-2019-15903, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-40674, CVE-2022-43680, CVE-2023-52425, CVE-2023-52426, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2026-24515, CVE-2026-25210, CVE-2026-32767 applied in versions: 2.2.0-r1, 2.2.7-r0, 2.2.7-r1, 2.4.3-r0, 2.4.4-r0, 2.4.5-r0, 2.4.9-r0, 2.5.0-r0, 2.6.0-r0, 2.6.2-r0, 2.6.3-r0, 2.6.4-r0, 2.7.2-r0, 2.7.5-r0","details":"Multiple security vulnerabilities affect the expat package. These issues are resolved in later releases. See references for individual vulnerability details.","modified":"2026-04-01T18:47:41.025683Z","published":"2026-04-01T09:16:01.861201Z","upstream":["CVE-2017-9233","CVE-2019-15903","CVE-2021-45960","CVE-2021-46143","CVE-2022-22822","CVE-2022-22823","CVE-2022-22824","CVE-2022-22825","CVE-2022-22826","CVE-2022-22827","CVE-2022-23852","CVE-2022-23990","CVE-2022-25235","CVE-2022-25236","CVE-2022-25313","CVE-2022-25314","CVE-2022-25315","CVE-2022-40674","CVE-2022-43680","CVE-2023-52425","CVE-2023-52426","CVE-2024-28757","CVE-2024-45490","CVE-2024-45491","CVE-2024-45492","CVE-2024-50602","CVE-2026-24515","CVE-2026-25210","CVE-2026-32767"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-EM10970.json"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-9233"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-15903"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-45960"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-46143"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22822"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22823"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22824"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22825"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22826"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22827"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-23852"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-23990"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-25235"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-25236"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-25313"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-25314"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-25315"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-40674"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-43680"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2023-52425"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2023-52426"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-28757"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-45490"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-45491"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-45492"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-50602"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-24515"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-25210"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-32767"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9233"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15903"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45960"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46143"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22822"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22823"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22824"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22825"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22826"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22827"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23852"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23990"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25235"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25236"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25313"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25314"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25315"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40674"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43680"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52425"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52426"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28757"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45490"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45491"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45492"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50602"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24515"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25210"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32767"}],"affected":[{"package":{"name":"expat","ecosystem":"CleanStart"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.5-r0"}]}],"database_specific":{"source":"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-EM10970.json"}}],"schema_version":"1.7.5"}