{"id":"CLEANSTART-2026-MH09144","summary":"issue was discovered in libexpat before 2","details":"Multiple security vulnerabilities affect the expat package. An issue was discovered in libexpat before 2. See references for individual vulnerability details.","modified":"2026-04-02T08:32:08.377189Z","published":"2026-02-13T00:45:17.459930Z","upstream":["CVE-2017-9233","CVE-2019-15903","CVE-2021-45960","CVE-2021-46143","CVE-2022-22822","CVE-2022-22823","CVE-2022-22824","CVE-2022-22825","CVE-2022-22826","CVE-2022-22827","CVE-2022-23852","CVE-2022-23990","CVE-2022-25235","CVE-2022-25236","CVE-2022-25313","CVE-2022-25314","CVE-2022-25315","CVE-2022-40674","CVE-2022-43680","CVE-2023-52425","CVE-2023-52426","CVE-2024-28757","CVE-2024-45490","CVE-2024-45491","CVE-2024-45492","CVE-2024-50602"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-MH09144"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-9233"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-15903"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-45960"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-46143"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22822"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22823"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22824"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22825"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22826"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-22827"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-23852"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-23990"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-25235"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-25236"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-25313"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-25314"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-25315"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-40674"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-43680"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2023-52425"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2023-52426"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-28757"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-45490"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-45491"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-45492"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-50602"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9233"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15903"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45960"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-46143"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22822"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22823"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22824"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22825"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22826"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22827"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23852"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23990"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25235"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25236"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25313"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25314"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25315"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40674"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43680"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52425"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52426"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28757"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45490"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45491"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45492"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50602"}],"affected":[{"package":{"name":"expat","ecosystem":"CleanStart"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.2-r0"}]}],"database_specific":{"source":"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-MH09144.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}