The following vulnerability was published for expat.
CVE-2024-28757[0]:
| libexpat through 2.6.1 allows an XML Entity Expansion attack when
| there is isolated use of external parsers (created via
| XML_ExternalEntityParserCreate).
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.