If by flaws you mean the security researchers spamming libxml2 with low effort stuff demanding a CVE for each one so they can brag about it – no, I don’t think anybody can fix that.
If by flaws you mean the security researchers spamming libxml2 with low effort stuff demanding a CVE for each one so they can brag about it – no, I don’t think anybody can fix that.
Based on context, i kind of imagine they are more thinking of the issues surounding libxslt.
libxslt part I can agree with. But xmloxide readme states XSLT support is a non-goal anyway?