[HIGH] xmlseclibs: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

PKSA-pr5h-1dpm-9x4k CVE-2026-32313 GHSA-4v26-v6cg-g6f9

Affected version: <3.1.5

Reported by:
GitHub

[MEDIUM] robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

PKSA-pcdf-qvqm-w4tv CVE-2025-66578 GHSA-c4cc-x928-vjw9

Affected version: <=3.1.3

Reported by:
GitHub