It was reported that python-docx prior to v0.8.6 is vulnerable to XML External Entity (XXE) attack. CVE request (contains reproducer): http://seclists.org/oss-sec/2016/q2/617
Created python-docx tracking bugs for this issue: Affects: fedora-all [bug 1351083]