Skip to content

UPDATE fast-xml-parser to fix CVE-2026-25128 #3060

New issue
New issue
Open
Open
UPDATE fast-xml-parser to fix CVE-2026-25128#3060
@thienscmon

Description

@thienscmon
thienscmon
opened on Feb 3, 2026

Audit Report:

fast-xml-parser  4.3.6 - 5.3.3
Severity: high
fast-xml-parser has RangeError DoS Numeric Entities Bug - https://github.com/advisories/GHSA-37qj-frw5-hhjh
fix available via `npm audit fix --force`
Will install firebase-admin@12.7.0, which is a breaking change
node_modules/fast-xml-parser
  @google-cloud/storage  >=7.12.1
  Depends on vulnerable versions of fast-xml-parser
  node_modules/@google-cloud/storage
    firebase-admin  >=13.0.0
    Depends on vulnerable versions of @google-cloud/storage
    node_modules/firebase-admin

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions