Vulnerabilities have been found concerning the expat XML parser, including two which may lead to arbitrary code execution (CVE-2022-25235, CVE-2022-25236). The expat XML parser is a library, written in C, which is a dependency for various other software.

Details are in the SVG advisory.