{"package":"libxmljs","ecosystem":"npm","latest_version":"1.0.11","description":"libxml bindings for v8 javascript engine","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/libxmljs/libxmljs#readme","repository":"ssh://git@github.com/libxmljs/libxmljs","downloads_weekly":100924,"health":{"score":38,"risk":"critical","breakdown":{"maintenance":0,"popularity":14,"security":0,"maturity":15,"community":9},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":2,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2024-34391","severity":"critical","summary":"libxmljs vulnerable to type confusion when parsing specially crafted XML","affected_versions":"<=1.0.11","fixed_version":null,"source":"osv","published_at":"2024-05-02T21:30:29Z","in_kev":false,"epss_prob":0.03183,"epss_percentile":0.8701,"threat_tier":"theoretical"},{"vuln_id":"CVE-2025-25341","severity":"high","summary":"libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS)","affected_versions":"<=1.0.11","fixed_version":null,"source":"osv","published_at":"2025-12-26T15:30:17Z","in_kev":false,"epss_prob":0.00034,"epss_percentile":0.10039,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-34392","severity":"critical","summary":"libxmljs vulnerable to type confusion when parsing specially crafted XML ","affected_versions":"<=1.0.11","fixed_version":null,"source":"osv","published_at":"2024-05-02T21:30:29Z","in_kev":false,"epss_prob":0.03183,"epss_percentile":0.8701,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.0.11","total_count":55,"recent":["0.18.9-pre0","0.19.0","0.19.1","0.19.3","0.19.5","0.19.7","0.19.8","0.19.9","0.19.10","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.6","1.0.7","1.0.8","1.0.9","1.0.10","1.0.11"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":3,"first_published":"2011-06-04T20:56:17.166Z","last_published":"2023-10-18T14:43:16.230Z","dependencies_count":3,"dependencies":["@mapbox/node-pre-gyp","bindings","nan"]},"github_stats":{"stars":1060,"forks":262,"open_issues":69,"is_archived":false,"pushed_at":"2026-01-12T01:41:03Z","subscribers_count":24},"bundle":null,"typescript":{"score":10,"has_types":true,"types_source":"bundled","types_package":null},"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Low health score (38/100)","1 high severity vulnerabilities","2 critical vulnerabilities"],"use_version":"1.0.11","version_hint":null,"summary":"libxmljs has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":541,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":5443,"last_release_days_ago":924,"avg_days_between_releases":286,"release_velocity":"stale"}}