iterasdev/peppol-py

Releases12

Frequency3 weeks 2 days

Last Release 15 days ago

Stars10

Python AS4 / Peppol sender

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-66371 ↗	Nov 28, 2025Friday, 28 November 2025, 04:16	5 MEDIUM	—
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host.