Hello oss-security,

just a quick note that libexpat 2.7.4 (or "Expat 2.7.4") released today is fixing CVE-2026-24515 (NULL pointer de-reference, CWE-476) and CVE-2026-25210 (integer overflow, CWE-190).

Some key links are:

- The change log of release 2.7.4
  https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes

- The fixing pull requests
  - https://github.com/libexpat/libexpat/pull/1131
  - https://github.com/libexpat/libexpat/pull/1075

- The official CVE metadata
  - https://nvd.nist.gov/vuln/detail/CVE-2026-24515
  - https://nvd.nist.gov/vuln/detail/CVE-2026-25210

Best

Sebastian
