Vulnerable Library - yfinance-0.2.27-py2.py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: b2b2eb325dc81df00162fc7b87524324be1c6492
Vulnerabilities
| Vulnerability |
Severity |
CVSS |
Dependency |
Type |
Fixed in (yfinance version) |
Remediation Possible** |
| CVE-2026-49477 |
High |
7.5 |
soupsieve-2.4.1-py3-none-any.whl |
Transitive |
N/A* |
❌ |
| CVE-2026-49476 |
High |
7.5 |
soupsieve-2.4.1-py3-none-any.whl |
Transitive |
N/A* |
❌ |
| CVE-2026-41066 |
High |
7.5 |
lxml-4.9.3-cp37-cp37m-manylinux_2_28_x86_64.whl |
Transitive |
0.2.28 |
❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-49477
Vulnerable Library - soupsieve-2.4.1-py3-none-any.whl
A modern CSS selector implementation for Beautiful Soup.
Library home page: https://files.pythonhosted.org/packages/49/37/673d6490efc51ec46d198c75903d99de59baffdd47aea3d071b80a9e4e89/soupsieve-2.4.1-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
- yfinance-0.2.27-py2.py3-none-any.whl (Root Library)
- beautifulsoup4-4.12.2-py3-none-any.whl
- ❌ soupsieve-2.4.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: b2b2eb325dc81df00162fc7b87524324be1c6492
Found in base branch: main
Vulnerability Details
Summary The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) contains a regular expression vulnerable to catastrophic backtracking. When processing an attribute selector with an unterminated quoted value, the "VALUE" regex pattern in "css_parser.py" enters exponential backtracking. A payload of only 300 bytes causes the regex engine to hang for over 3 seconds, enabling a trivial Regular Expression Denial of Service (ReDoS) attack. To be completely transparent, AI tools helped surface this issue. However, this was independently reproduced and carefully validated. Any application that passes untrusted CSS selector strings to "soupsieve.compile()" or Beautiful Soup's ".select()" / ".select_one()" is affected. Details Affected code: "soupsieve/css_parser.py", line ~121 - "RE_VALUES" / "VALUE" regex pattern The soupsieve CSS parser uses a compiled regular expression to tokenise attribute selector values. This pattern matches both quoted strings (""value"" or "'value'") and unquoted identifiers. The regex contains alternation branches for: 1. Double-quoted strings: ""[^"](?:.[^"])"" 2. Single-quoted strings: "'[^'](?:.[^'])'" 3. Unquoted identifiers When an attribute selector contains an unterminated quoted value - e.g., "[a="xxxx..." (opening """ but no closing """) -” the regex engine attempts to match the quoted-string branch. After that branch fails (no closing quote), the engine backtracks and attempts to match the remaining input against subsequent alternation branches and parent patterns. The structure of the pattern causes catastrophic backtracking where the number of backtracking steps grows exponentially with the length of the content between the opening quote and the end of the string. Root cause: The regex pattern does not anchor or guard against the case where a quoted string is never terminated. The overlapping character classes across alternation branches create exponential backtracking when the quoted-string branch fails on long input. Key characteristics: - Input size: Only 300 bytes are needed to trigger a >3 second hang - Amplification: Each additional character approximately doubles the backtracking time - No memory impact: The attack consumes CPU only (regex backtracking is compute-bound) Proof of Concept import time import soupsieve as sv PAYLOAD_LEN = 300 Control: well-formed selector with terminated quote (completes instantly) well_formed = '[a="' + ('x' * PAYLOAD_LEN) + '"]' start = time.perf_counter() try: sv.compile(well_formed) except Exception: pass control_time = time.perf_counter() - start print(f"Well-formed selector ({len(well_formed)} bytes): {control_time:.4f}s") Exploit: unterminated quote triggers catastrophic regex backtracking malformed = '[a="' + ('x' * PAYLOAD_LEN) start = time.perf_counter() try: sv.compile(malformed) # WARNING: This will hang for >3 seconds except Exception: pass exploit_time = time.perf_counter() - start print(f"Malformed selector ({len(malformed)} bytes): {exploit_time:.4f}s") slowdown = exploit_time / max(control_time, 1e-9) print(f"Slowdown: {slowdown:.0f}x") Expected output: Well-formed selector (306 bytes): ~0.001s Malformed selector (304 bytes): >3.0s (may need to be killed) Slowdown: >3000x NOTE: On some systems the malformed selector may hang indefinitely. Use a timeout mechanism (signal.alarm, threading.Timer) when testing. Safe testing variant with timeout: import signal import soupsieve as sv def timeout_handler(signum, frame): raise TimeoutError("ReDoS confirmed: regex backtracking exceeded timeout") PAYLOAD_LEN = 300 malformed = '[a="' + ('x' * PAYLOAD_LEN) signal.signal(signal.SIGALRM, timeout_handler) signal.alarm(3) # 3-second timeout try: sv.compile(malformed) print("Selector compiled (not vulnerable)") except TimeoutError as e: print(f"VULNERABLE: {e}") except Exception as e: print(f"Other error: {e}") finally: signal.alarm(0) # Cancel the alarm Impact Severity: High An attacker can cause CPU exhaustion on any server-side Python application that compiles user-supplied CSS selectors via soupsieve. The attack is particularly dangerous because: 1. Tiny payload: Only 300 bytes are needed - well within typical URL parameter, form field, or API request limits 2. No special characters: The payload consists entirely of printable ASCII characters ("[a="xxx...") 3. Exponential scaling: Each additional byte approximately doubles the backtracking time, making the attack easily tuneable 4. Thread blocking: The regex engine blocks the calling thread with no opportunity for interruption (except via OS signals) | Parameter | Value | |---|---| | Input size | 300 bytes | | CPU time consumed | >3 seconds (exponential with payload length) | | Memory consumed | Negligible (CPU-only attack) | | Authentication required | None | | User interaction required | None | Deployment impact: In threaded or async web applications, a single malicious request blocks a worker thread for the duration of the backtracking. An attacker can submit multiple concurrent requests to exhaust all available workers, causing complete service denial. The small payload size makes the attack easy to deliver and difficult to detect via request size limits. Downstream exposure: soupsieve is an automatic dependency of "beautifulsoup4", one of the most widely installed Python packages. Any web application, API, or service that accepts CSS selectors from users is potentially affected. Credit The vulnerability was discovered by a security research team from the University of Sydney, whose focus is detecting open source software vulnerabilities. Liyi Zhou: https://lzhou1110.github.io/ Ziyue Wang: https://zyy0530.github.io/ Strick: https://str1ckl4nd.github.io/ Maurice: https://maurice.busystar.org/ Chenchen Yu: https://7thparkk.github.io/
Publish Date: 2026-07-09
URL: CVE-2026-49477
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-836r-79rf-4m37
Release Date: 2026-07-09
Fix Resolution: soupsieve - 2.8.4,soupsieve - 2.8.4
Step up your Open Source Security Game with Mend here
CVE-2026-49476
Vulnerable Library - soupsieve-2.4.1-py3-none-any.whl
A modern CSS selector implementation for Beautiful Soup.
Library home page: https://files.pythonhosted.org/packages/49/37/673d6490efc51ec46d198c75903d99de59baffdd47aea3d071b80a9e4e89/soupsieve-2.4.1-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
- yfinance-0.2.27-py2.py3-none-any.whl (Root Library)
- beautifulsoup4-4.12.2-py3-none-any.whl
- ❌ soupsieve-2.4.1-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: b2b2eb325dc81df00162fc7b87524324be1c6492
Found in base branch: main
Vulnerability Details
Summary The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to "soupsieve.compile()" or Beautiful Soup's ".select()" / ".select_one()" can cause the application to allocate hundreds of megabytes of heap memory from a relatively small input, leading to memory exhaustion and denial of service. To be completely transparent, AI tools helped surface this issue. However, it was independently reproduced and carefully validated. Researchers follow responsible disclosure practices and originally shared this report privately. A 500 KB selector string triggers allocation of approximately 244 MB of heap memory - a 488x— amplification ratio**. Details Affected code: "soupsieve/css_parser.py", lines ~204, 925, 1106 The soupsieve CSS parser splits comma-separated selector lists and creates one "CSSSelector" object per list item. Each "CSSSelector" object contains parsed selector data structures including "SelectorList", "Selector", and associated tag/attribute/pseudo-class metadata. When a selector string such as "a,a,a,..." (with 250,000 comma-separated items) is passed to "sv.compile()", the parser: 1. Tokenises the entire string and identifies each comma-delimited segment (line ~1106) 2. Parses each segment into a full "Selector" object with all associated metadata (line ~925) 3. Stores all parsed selectors in a "SelectorList" (line ~204) Root cause: No limit is enforced on the number of selectors in a comma-separated list. The parser will attempt to parse and store an arbitrary number of selectors, with each selector object consuming approximately 976 bytes of heap memory. The total allocation scales linearly with the number of list items, but the amplification ratio (output memory / input bytes) is extremely high because each single-character selector like "a" expands into a complex object graph. Attack surface: Any application that passes user-supplied CSS selectors to "soupsieve.compile()" or Beautiful Soup's ".select()" / ".select_one()". Proof of Concept import tracemalloc import soupsieve as sv tracemalloc.start() Build a 500 KB selector string: "a,a,a,...,a" (250,000 items) count = 250_000 selector = ",".join("a" for _ in range(count)) print(f"Selector string size: {len(selector):,} bytes ({len(selector) / 1024:.0f} KB)") Compile the selector — this allocates ~244 MB compiled = sv.compile(selector) current, peak = tracemalloc.get_traced_memory() tracemalloc.stop() print(f"Compiled selector count: {len(compiled.selectors):,}") print(f"Current memory: {current / 1024 / 1024:.1f} MB") print(f"Peak memory: {peak / 1024 / 1024:.1f} MB") print(f"Amplification ratio: {peak / len(selector):.0f}x") Expected output: Selector string size: 499,999 bytes (488 KB) Compiled selector count: 250,000 Current memory: ~244 MB Peak memory: ~244 MB Amplification ratio: ~488x Impact Severity: High An attacker can exhaust available memory on any server-side Python application that compiles user-supplied CSS selectors via soupsieve. This can cause: - OOM kills in containerised deployments (Kubernetes pods, Docker containers) with memory limits - Swap thrashing on bare-metal servers, degrading performance for all co-located processes - Process termination via Python's "MemoryError" exception if the system runs out of addressable memory | Parameter | Value | |---|---| | Input size | ~500 KB selector string | | Memory allocated | ~244 MB | | Amplification ratio | ~488× | | Per-object overhead | ~976 bytes per selector | | Authentication required | None | | User interaction required | None | Scalability of attack: The memory allocation scales linearly - doubling the selector count doubles memory usage. An attacker can tune the payload to exactly exhaust a target's memory limits. Multiple concurrent requests multiply the effect. Downstream exposure: soupsieve is an automatic dependency of "beautifulsoup4", one of the most widely installed Python packages. Any web application accepting CSS selectors from users (e.g., web scraping APIs, content filtering tools, CMS preview features) is potentially affected. Credit Discovered by a security research team from the University of Sydney, focused on detecting open source software vulnerabilities. Liyi Zhou: https://lzhou1110.github.io/ Ziyue Wang: https://zyy0530.github.io/ Strick: https://str1ckl4nd.github.io/ Maurice: https://maurice.busystar.org/ Chenchen Yu: https://7thparkk.github.io/
Publish Date: 2026-07-09
URL: CVE-2026-49476
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-2wc2-fm75-p42x
Release Date: 2026-07-09
Fix Resolution: soupsieve - 2.8.4,soupsieve - 2.8.4
Step up your Open Source Security Game with Mend here
CVE-2026-41066
Vulnerable Library - lxml-4.9.3-cp37-cp37m-manylinux_2_28_x86_64.whl
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Library home page: https://files.pythonhosted.org/packages/06/d4/f95105414c4bf7e4c87ec5e3c600dd88909c628d77a2760c0e5ef186bba4/lxml-4.9.3-cp37-cp37m-manylinux_2_28_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
- yfinance-0.2.27-py2.py3-none-any.whl (Root Library)
- ❌ lxml-4.9.3-cp37-cp37m-manylinux_2_28_x86_64.whl (Vulnerable Library)
Found in HEAD commit: b2b2eb325dc81df00162fc7b87524324be1c6492
Found in base branch: main
Vulnerability Details
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0.
Publish Date: 2026-04-24
URL: CVE-2026-41066
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-vfmq-68hx-4jfw
Release Date: 2026-04-22
Fix Resolution (lxml): 6.1.0
Direct dependency fix Resolution (yfinance): 0.2.28
Step up your Open Source Security Game with Mend here
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: b2b2eb325dc81df00162fc7b87524324be1c6492
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - soupsieve-2.4.1-py3-none-any.whl
A modern CSS selector implementation for Beautiful Soup.
Library home page: https://files.pythonhosted.org/packages/49/37/673d6490efc51ec46d198c75903d99de59baffdd47aea3d071b80a9e4e89/soupsieve-2.4.1-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: b2b2eb325dc81df00162fc7b87524324be1c6492
Found in base branch: main
Vulnerability Details
Summary The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) contains a regular expression vulnerable to catastrophic backtracking. When processing an attribute selector with an unterminated quoted value, the "VALUE" regex pattern in "css_parser.py" enters exponential backtracking. A payload of only 300 bytes causes the regex engine to hang for over 3 seconds, enabling a trivial Regular Expression Denial of Service (ReDoS) attack. To be completely transparent, AI tools helped surface this issue. However, this was independently reproduced and carefully validated. Any application that passes untrusted CSS selector strings to "soupsieve.compile()" or Beautiful Soup's ".select()" / ".select_one()" is affected. Details Affected code: "soupsieve/css_parser.py", line ~121 - "RE_VALUES" / "VALUE" regex pattern The soupsieve CSS parser uses a compiled regular expression to tokenise attribute selector values. This pattern matches both quoted strings (""value"" or "'value'") and unquoted identifiers. The regex contains alternation branches for: 1. Double-quoted strings: ""[^"](?:.[^"])"" 2. Single-quoted strings: "'[^'](?:.[^'])'" 3. Unquoted identifiers When an attribute selector contains an unterminated quoted value - e.g., "[a="xxxx..." (opening """ but no closing """) -” the regex engine attempts to match the quoted-string branch. After that branch fails (no closing quote), the engine backtracks and attempts to match the remaining input against subsequent alternation branches and parent patterns. The structure of the pattern causes catastrophic backtracking where the number of backtracking steps grows exponentially with the length of the content between the opening quote and the end of the string. Root cause: The regex pattern does not anchor or guard against the case where a quoted string is never terminated. The overlapping character classes across alternation branches create exponential backtracking when the quoted-string branch fails on long input. Key characteristics: - Input size: Only 300 bytes are needed to trigger a >3 second hang - Amplification: Each additional character approximately doubles the backtracking time - No memory impact: The attack consumes CPU only (regex backtracking is compute-bound) Proof of Concept import time import soupsieve as sv PAYLOAD_LEN = 300 Control: well-formed selector with terminated quote (completes instantly) well_formed = '[a="' + ('x' * PAYLOAD_LEN) + '"]' start = time.perf_counter() try: sv.compile(well_formed) except Exception: pass control_time = time.perf_counter() - start print(f"Well-formed selector ({len(well_formed)} bytes): {control_time:.4f}s") Exploit: unterminated quote triggers catastrophic regex backtracking malformed = '[a="' + ('x' * PAYLOAD_LEN) start = time.perf_counter() try: sv.compile(malformed) # WARNING: This will hang for >3 seconds except Exception: pass exploit_time = time.perf_counter() - start print(f"Malformed selector ({len(malformed)} bytes): {exploit_time:.4f}s") slowdown = exploit_time / max(control_time, 1e-9) print(f"Slowdown: {slowdown:.0f}x") Expected output: Well-formed selector (306 bytes): ~0.001s Malformed selector (304 bytes): >3.0s (may need to be killed) Slowdown: >3000x NOTE: On some systems the malformed selector may hang indefinitely. Use a timeout mechanism (signal.alarm, threading.Timer) when testing. Safe testing variant with timeout: import signal import soupsieve as sv def timeout_handler(signum, frame): raise TimeoutError("ReDoS confirmed: regex backtracking exceeded timeout") PAYLOAD_LEN = 300 malformed = '[a="' + ('x' * PAYLOAD_LEN) signal.signal(signal.SIGALRM, timeout_handler) signal.alarm(3) # 3-second timeout try: sv.compile(malformed) print("Selector compiled (not vulnerable)") except TimeoutError as e: print(f"VULNERABLE: {e}") except Exception as e: print(f"Other error: {e}") finally: signal.alarm(0) # Cancel the alarm Impact Severity: High An attacker can cause CPU exhaustion on any server-side Python application that compiles user-supplied CSS selectors via soupsieve. The attack is particularly dangerous because: 1. Tiny payload: Only 300 bytes are needed - well within typical URL parameter, form field, or API request limits 2. No special characters: The payload consists entirely of printable ASCII characters ("[a="xxx...") 3. Exponential scaling: Each additional byte approximately doubles the backtracking time, making the attack easily tuneable 4. Thread blocking: The regex engine blocks the calling thread with no opportunity for interruption (except via OS signals) | Parameter | Value | |---|---| | Input size | 300 bytes | | CPU time consumed | >3 seconds (exponential with payload length) | | Memory consumed | Negligible (CPU-only attack) | | Authentication required | None | | User interaction required | None | Deployment impact: In threaded or async web applications, a single malicious request blocks a worker thread for the duration of the backtracking. An attacker can submit multiple concurrent requests to exhaust all available workers, causing complete service denial. The small payload size makes the attack easy to deliver and difficult to detect via request size limits. Downstream exposure: soupsieve is an automatic dependency of "beautifulsoup4", one of the most widely installed Python packages. Any web application, API, or service that accepts CSS selectors from users is potentially affected. Credit The vulnerability was discovered by a security research team from the University of Sydney, whose focus is detecting open source software vulnerabilities. Liyi Zhou: https://lzhou1110.github.io/ Ziyue Wang: https://zyy0530.github.io/ Strick: https://str1ckl4nd.github.io/ Maurice: https://maurice.busystar.org/ Chenchen Yu: https://7thparkk.github.io/
Publish Date: 2026-07-09
URL: CVE-2026-49477
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-836r-79rf-4m37
Release Date: 2026-07-09
Fix Resolution: soupsieve - 2.8.4,soupsieve - 2.8.4
Step up your Open Source Security Game with Mend here
Vulnerable Library - soupsieve-2.4.1-py3-none-any.whl
A modern CSS selector implementation for Beautiful Soup.
Library home page: https://files.pythonhosted.org/packages/49/37/673d6490efc51ec46d198c75903d99de59baffdd47aea3d071b80a9e4e89/soupsieve-2.4.1-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: b2b2eb325dc81df00162fc7b87524324be1c6492
Found in base branch: main
Vulnerability Details
Summary The CSS selector parser in soupsieve (the CSS selector engine for Beautiful Soup 4) allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to "soupsieve.compile()" or Beautiful Soup's ".select()" / ".select_one()" can cause the application to allocate hundreds of megabytes of heap memory from a relatively small input, leading to memory exhaustion and denial of service. To be completely transparent, AI tools helped surface this issue. However, it was independently reproduced and carefully validated. Researchers follow responsible disclosure practices and originally shared this report privately. A 500 KB selector string triggers allocation of approximately 244 MB of heap memory - a 488x— amplification ratio**. Details Affected code: "soupsieve/css_parser.py", lines ~204, 925, 1106 The soupsieve CSS parser splits comma-separated selector lists and creates one "CSSSelector" object per list item. Each "CSSSelector" object contains parsed selector data structures including "SelectorList", "Selector", and associated tag/attribute/pseudo-class metadata. When a selector string such as "a,a,a,..." (with 250,000 comma-separated items) is passed to "sv.compile()", the parser: 1. Tokenises the entire string and identifies each comma-delimited segment (line ~1106) 2. Parses each segment into a full "Selector" object with all associated metadata (line ~925) 3. Stores all parsed selectors in a "SelectorList" (line ~204) Root cause: No limit is enforced on the number of selectors in a comma-separated list. The parser will attempt to parse and store an arbitrary number of selectors, with each selector object consuming approximately 976 bytes of heap memory. The total allocation scales linearly with the number of list items, but the amplification ratio (output memory / input bytes) is extremely high because each single-character selector like "a" expands into a complex object graph. Attack surface: Any application that passes user-supplied CSS selectors to "soupsieve.compile()" or Beautiful Soup's ".select()" / ".select_one()". Proof of Concept import tracemalloc import soupsieve as sv tracemalloc.start() Build a 500 KB selector string: "a,a,a,...,a" (250,000 items) count = 250_000 selector = ",".join("a" for _ in range(count)) print(f"Selector string size: {len(selector):,} bytes ({len(selector) / 1024:.0f} KB)") Compile the selector — this allocates ~244 MB compiled = sv.compile(selector) current, peak = tracemalloc.get_traced_memory() tracemalloc.stop() print(f"Compiled selector count: {len(compiled.selectors):,}") print(f"Current memory: {current / 1024 / 1024:.1f} MB") print(f"Peak memory: {peak / 1024 / 1024:.1f} MB") print(f"Amplification ratio: {peak / len(selector):.0f}x") Expected output: Selector string size: 499,999 bytes (488 KB) Compiled selector count: 250,000 Current memory: ~244 MB Peak memory: ~244 MB Amplification ratio: ~488x Impact Severity: High An attacker can exhaust available memory on any server-side Python application that compiles user-supplied CSS selectors via soupsieve. This can cause: - OOM kills in containerised deployments (Kubernetes pods, Docker containers) with memory limits - Swap thrashing on bare-metal servers, degrading performance for all co-located processes - Process termination via Python's "MemoryError" exception if the system runs out of addressable memory | Parameter | Value | |---|---| | Input size | ~500 KB selector string | | Memory allocated | ~244 MB | | Amplification ratio | ~488× | | Per-object overhead | ~976 bytes per selector | | Authentication required | None | | User interaction required | None | Scalability of attack: The memory allocation scales linearly - doubling the selector count doubles memory usage. An attacker can tune the payload to exactly exhaust a target's memory limits. Multiple concurrent requests multiply the effect. Downstream exposure: soupsieve is an automatic dependency of "beautifulsoup4", one of the most widely installed Python packages. Any web application accepting CSS selectors from users (e.g., web scraping APIs, content filtering tools, CMS preview features) is potentially affected. Credit Discovered by a security research team from the University of Sydney, focused on detecting open source software vulnerabilities. Liyi Zhou: https://lzhou1110.github.io/ Ziyue Wang: https://zyy0530.github.io/ Strick: https://str1ckl4nd.github.io/ Maurice: https://maurice.busystar.org/ Chenchen Yu: https://7thparkk.github.io/
Publish Date: 2026-07-09
URL: CVE-2026-49476
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-2wc2-fm75-p42x
Release Date: 2026-07-09
Fix Resolution: soupsieve - 2.8.4,soupsieve - 2.8.4
Step up your Open Source Security Game with Mend here
Vulnerable Library - lxml-4.9.3-cp37-cp37m-manylinux_2_28_x86_64.whl
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Library home page: https://files.pythonhosted.org/packages/06/d4/f95105414c4bf7e4c87ec5e3c600dd88909c628d77a2760c0e5ef186bba4/lxml-4.9.3-cp37-cp37m-manylinux_2_28_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: b2b2eb325dc81df00162fc7b87524324be1c6492
Found in base branch: main
Vulnerability Details
lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' or resolve_entities=False disables the local file access. This vulnerability is fixed in 6.1.0.
Publish Date: 2026-04-24
URL: CVE-2026-41066
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-vfmq-68hx-4jfw
Release Date: 2026-04-22
Fix Resolution (lxml): 6.1.0
Direct dependency fix Resolution (yfinance): 0.2.28
Step up your Open Source Security Game with Mend here