# libxml2 2.15.3

Read-only mirror of https://gitlab.gnome.org/GNOME/libxml2

Snapshot of gominimal/pkgs commit `cd4b09dd2f492c47fba70eb1b8a8c724dabdc7e9` (pushed 2026-07-10T23:16:55.000Z).

## Install

```sh
min add libxml2
```

## Direct advisories

| ID | Severity | CVSS | Fix status | Fixed version | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-11979 | LOW | — | fixed | — | Stack-Based Buffer Overflow in libxml2 |

## Transitive advisories

5 advisories inherited through runtime dependencies:

- CVE-2026-4046 (HIGH) via glibc
- CVE-2026-4437 (HIGH) via glibc
- CVE-2026-4438 (MEDIUM) via glibc
- CVE-2026-5450 (CRITICAL) via glibc
- CVE-2026-5928 (HIGH) via glibc

## Dependencies

- Build (8): base, cmake, make, toolchain, pkgconf, icu, xz, zlib
- Runtime (4): glibc, icu, xz, zlib

## Scorecard

| Category | Score | Band |
| --- | --- | --- |
| supply-chain | 50 | mid |
| advisories | 10 | low |
| quality | 25 | low |
| maintenance | 50 | mid |
| licence | 90 | good |

## Links

- Homepage: https://gitlab.gnome.org/GNOME/libxml2
- Package page (HTML): https://minimal.dev/pkgs/libxml2
- JSON API (floats latest): https://minimal.dev/api/pkgs/libxml2.json
- SBOM (CycloneDX 1.5): https://minimal.dev/api/pkgs/libxml2/sbom.json
