oss-sec mailing list archives
BioPython 1.87 fixes CVE-2025-68463 (XXE, SSRF)
From: Sebastian Pipping <sebastian () pipping org>
Date: Fri, 8 May 2026 18:49:35 +0200
Hello oss-security,

just a quick note that BioPython 1.87 released 2026-03-30 is fixing CVE-2025-68463: XXE/SSRF in Bio.Entrez.* .

Some key links are:

- The detailed report with PoC
  https://github.com/biopython/biopython/issues/5109
- The two related pull requests
  - https://github.com/biopython/biopython/pull/5114
  - https://github.com/biopython/biopython/pull/5148
- The change log of release 1.87
  https://github.com/biopython/biopython/blob/biopython-187/NEWS.rst
- The official CVE metadata
  https://nvd.nist.gov/vuln/detail/CVE-2025-68463

Best

Sebastian
