py-xml v1.0 exists to contain an XML External Entity Injection (XXE) vulnerability which allows malicious users to execute arbitrary code via a crafted XML file.
py-xml project py-xml 1.0