The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call.
Recent assessments:
ericalexanderorg at March 21, 2020 1:24pm UTC reported:
XXE vulnerability in library that’s in use by over 500 projects on Github.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 2