Because it was written in C, libxml2's CVE history has been dominated by use-after-free, buffer overflows, double frees, and type confusion. xmloxide is written in pure Rust, so these entire vulnerability classes are eliminated at compile time.

▲

sarchertech 6 hours ago | parent [-]

Only if it doesn’t use any unsafe code, which I don’t think is the case here.

	▲	5 hours ago \| parent \| next [-]
		[deleted]
	▲	jawiggins 6 hours ago \| parent \| prev [-]
		Is that true? I thought if you compiled a rust crate with, `#[deny(unsafe_code)]`, there would not be any issues. xmloxide has unsafe usage only in the the C FFI layer, so the rest of the system should be fine.