Is untangle safe to use?

untangle has 4 known vulnerabilities on the latest version (1.1.1). DepScope rates its health at 34/100 (critical risk).

What is the latest version of untangle?

The latest version of untangle is 1.1.1, released 2025-04-22.

Yes. untangle has 4 known vulnerabilities. See depscope.dev/pkg/conda/untangle for details.

No, untangle is actively maintained. Latest release: 1.1.1 (2025-04-22).

DepScope has no curated alternatives for untangle at this time.

untangle is licensed under MIT.

condav1.1.1

Convert XML documents into Python objects.

License MITpermissive1 versions1 maintainers0 deps24 weekly dl

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 1.2.1 to fix known vulnerabilities

Health breakdown0 – 100

5/25

maintenance

0/20

popularity

15/25

security

12/15

maturity

2/15

community

Vulnerabilities

2 high2 low

Advisories (4)

Severity	ID	Summary	Fixed in
high	CVE-2022-33977	untangle vulnerable to XML Entity Expansion	1.2.1
high	CVE-2022-31471	untangle vulnerable to Improper Restriction of XML External Entity Reference	1.2.1
unknown	CVE-2022-33977	untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.	1.2.1
unknown	CVE-2022-31471	untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files.	1.2.1

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/conda/untangle

First published · 2020-06-30 01:01:00.992000+00:00

Last updated · 2025-04-22 14:57:29.173000+00:00