lxml: pythonic binding for the libxml2 and libxslt libraries lxml could be made to execute arbitrary code if it received a specially crafted XML or HTML file.