BACKLOG.

22 CVEs from Dependabot, Snyk, and CISA KEV catalog. 6 in CISA KEV with documented active exploitation. 2 with patches available but blocked behind a major-version bump.

KEV-listed vulns aren't theoretical. They're someone else's breach already.

CVE-2025-49223 · libxml2 KEV ACTIVE

CVSS 9.8 · in 3 services · patch available · 47d in queue.

Patch this week, document remediation, escalate to security.