Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/104692?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "type": "deb", "namespace": "debian", "name": "libxslt", "version": "1.1.35-1.2+deb13u3", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.1.35-2", "latest_non_vulnerable_version": "1.1.43-0.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77588?format=api", "vulnerability_id": "VCID-6f4y-n9m4-vydg", "summary": "libxslt: use-after-free with key data stored cross-RVT", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10911.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10911.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05503", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10911" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10911" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116447", "reference_id": "1116447", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1116447" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144", "reference_id": "144", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T15:48:55Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397838", "reference_id": "2397838", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T15:48:55Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397838" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77", "reference_id": "77", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T15:48:55Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-10911", "reference_id": "CVE-2025-10911", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T15:48:55Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-10911" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11015", "reference_id": "RHSA-2026:11015", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-29T15:48:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:11015" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104715?format=api", "purl": "pkg:deb/debian/libxslt@1.1.43-0.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.43-0.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-10911" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4y-n9m4-vydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73619?format=api", "vulnerability_id": "VCID-e25f-65vw-ykc2", "summary": "libxslt: Type Confusion in exsltFuncResultCompfunction of libxslt", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11731.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11731.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11731", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26125", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11731" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11731" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118078", "reference_id": "1118078", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118078" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/151", "reference_id": "151", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T15:18:32Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/151" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403688", "reference_id": "2403688", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T15:18:32Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403688" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78", "reference_id": "78", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T15:18:32Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-11731", "reference_id": "CVE-2025-11731", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T15:18:32Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-11731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11015", "reference_id": "RHSA-2026:11015", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-14T15:18:32Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:11015" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104715?format=api", "purl": "pkg:deb/debian/libxslt@1.1.43-0.3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.43-0.3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-11731" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e25f-65vw-ykc2" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78034?format=api", "vulnerability_id": "VCID-1gsj-a6gq-83ga", "summary": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4609.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4609.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4609", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0559", "scoring_system": "epss", "scoring_elements": "0.90466", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0559", "scoring_system": "epss", "scoring_elements": "0.90481", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4609" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4609", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4609" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1714979", "reference_id": "1714979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1714979" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104701?format=api", "purl": "pkg:deb/debian/libxslt@1.1.29-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.29-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4609" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gsj-a6gq-83ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78027?format=api", "vulnerability_id": "VCID-3d6z-strm-dfhm", "summary": "Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75854", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75881", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2900", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2900" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2905" }, { "reference_url": "https://security.gentoo.org/glsa/201309-16", "reference_id": "GLSA-201309-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-16" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104699?format=api", "purl": "pkg:deb/debian/libxslt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2902" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3d6z-strm-dfhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78024?format=api", "vulnerability_id": "VCID-4ggh-374b-rqdx", "summary": "libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2870.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2870.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75714", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0088", "scoring_system": "epss", "scoring_elements": "0.75741", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2870" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422", "reference_id": "689422", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=852937", "reference_id": "852937", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852937" }, { "reference_url": "https://security.gentoo.org/glsa/201401-07", "reference_id": "GLSA-201401-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" }, { "reference_url": "https://usn.ubuntu.com/1595-1/", "reference_id": "USN-1595-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1595-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104697?format=api", "purl": "pkg:deb/debian/libxslt@1.1.26-14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2870" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ggh-374b-rqdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78038?format=api", "vulnerability_id": "VCID-518x-ten9-sfe3", "summary": "xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55549.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-55549.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27946", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55549" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100565", "reference_id": "1100565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100565" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352484", "reference_id": "2352484", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3613", "reference_id": "RHSA-2025:3613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3614", "reference_id": "RHSA-2025:3614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3615", "reference_id": "RHSA-2025:3615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3619", "reference_id": "RHSA-2025:3619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3624", "reference_id": "RHSA-2025:3624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3625", "reference_id": "RHSA-2025:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3626", "reference_id": "RHSA-2025:3626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3627", "reference_id": "RHSA-2025:3627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4025", "reference_id": "RHSA-2025:4025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4098", "reference_id": "RHSA-2025:4098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4427", "reference_id": "RHSA-2025:4427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4431", "reference_id": "RHSA-2025:4431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4731", "reference_id": "RHSA-2025:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7410", "reference_id": "RHSA-2025:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7496", "reference_id": "RHSA-2025:7496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8303", "reference_id": "RHSA-2025:8303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8303" }, { "reference_url": "https://usn.ubuntu.com/7357-1/", "reference_id": "USN-7357-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7357-1/" }, { "reference_url": "https://usn.ubuntu.com/7787-1/", "reference_id": "USN-7787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104713?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104712?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104714?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-55549" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-518x-ten9-sfe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78035?format=api", "vulnerability_id": "VCID-5kc1-z3et-eud8", "summary": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4610.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4610.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4610", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0559", "scoring_system": "epss", "scoring_elements": "0.90466", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0559", "scoring_system": "epss", "scoring_elements": "0.90481", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4610" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716448", "reference_id": "1716448", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716448" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104701?format=api", "purl": "pkg:deb/debian/libxslt@1.1.29-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.29-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4610" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5kc1-z3et-eud8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41140?format=api", "vulnerability_id": "VCID-5xuf-r7bj-33fa", "summary": "Improper Input Validation\nIn `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04376", "scoring_system": "epss", "scoring_elements": "0.89156", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04376", "scoring_system": "epss", "scoring_elements": "0.89173", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13117" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1943", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1943" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ" }, { "reference_url": "https://oss-fuzz.com/testcase-detail/5631739747106816", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://oss-fuzz.com/testcase-detail/5631739747106816" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190806-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200122-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003" }, { "reference_url": "https://usn.ubuntu.com/4164-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4164-1" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/11/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728546", "reference_id": "1728546", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728546" }, { "reference_url": "https://usn.ubuntu.com/4164-1/", "reference_id": "4164-1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://usn.ubuntu.com/4164-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321", "reference_id": "931321", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13117", "reference_id": "CVE-2019-13117", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13117" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/", "reference_id": "IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190806-0004/", "reference_id": "ntap-20190806-0004", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200122-0003/", "reference_id": "ntap-20200122-0003", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104704?format=api", "purl": "pkg:deb/debian/libxslt@1.1.32-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.32-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13117", "GHSA-4hm9-844j-jmxp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xuf-r7bj-33fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78037?format=api", "vulnerability_id": "VCID-6yqw-hwn4-f3gg", "summary": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40403.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40403.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31408", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40403" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/10", "reference_id": "10", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/10" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108074", "reference_id": "1108074", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108074" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349766", "reference_id": "2349766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349766" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/3" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/4" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/5" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/6" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/8", "reference_id": "8", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/8" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/9" }, { "reference_url": "https://support.apple.com/en-us/HT213927", "reference_id": "HT213927", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213927" }, { "reference_url": "https://support.apple.com/en-us/HT213931", "reference_id": "HT213931", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213931" }, { "reference_url": "https://support.apple.com/en-us/HT213932", "reference_id": "HT213932", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213932" }, { "reference_url": "https://support.apple.com/en-us/HT213936", "reference_id": "HT213936", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213936" }, { "reference_url": "https://support.apple.com/en-us/HT213937", "reference_id": "HT213937", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213937" }, { "reference_url": "https://support.apple.com/en-us/HT213938", "reference_id": "HT213938", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213938" }, { "reference_url": "https://support.apple.com/en-us/HT213940", "reference_id": "HT213940", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T14:28:39Z/" } ], "url": "https://support.apple.com/en-us/HT213940" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8676", "reference_id": "RHSA-2025:8676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9016", "reference_id": "RHSA-2025:9016", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10065", "reference_id": "RHSA-2026:10065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16008", "reference_id": "RHSA-2026:16008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16009", "reference_id": "RHSA-2026:16009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6266", "reference_id": "RHSA-2026:6266", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6266" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6499", "reference_id": "RHSA-2026:6499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7335", "reference_id": "RHSA-2026:7335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://usn.ubuntu.com/7600-1/", "reference_id": "USN-7600-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7600-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104709?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104708?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104711?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104710?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-40403" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yqw-hwn4-f3gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38133?format=api", "vulnerability_id": "VCID-7q6s-p2vg-3ugp", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nnokogiri mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.", "references": [ { "reference_url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1683.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1683.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1683", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00989", "scoring_system": "epss", "scoring_elements": "0.77209", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00989", "scoring_system": "epss", "scoring_elements": "0.77241", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1683" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1683", "reference_id": "CVE-2016-1683", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1683" }, { "reference_url": "https://security.gentoo.org/glsa/201607-07", "reference_id": "GLSA-201607-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1190", "reference_id": "RHSA-2016:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "reference_url": "https://usn.ubuntu.com/2992-1/", "reference_id": "USN-2992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2992-1/" }, { "reference_url": "https://usn.ubuntu.com/3271-1/", "reference_id": "USN-3271-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3271-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104701?format=api", "purl": "pkg:deb/debian/libxslt@1.1.29-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.29-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1683" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7q6s-p2vg-3ugp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78041?format=api", "vulnerability_id": "VCID-9q7z-rwe8-zydg", "summary": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7425.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41043", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7425" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109122", "reference_id": "1109122", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109122" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140", "reference_id": "140", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274", "reference_id": "2379274", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9", "reference_id": "cpe:/a:redhat:cert_manager:1.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9", "reference_id": "cpe:/a:redhat:insights_proxy:1.5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", "reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9", "reference_id": "cpe:/a:redhat:openshift:4.19::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_compliance_operator:1::el9", "reference_id": "cpe:/a:redhat:openshift_compliance_operator:1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_compliance_operator:1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "reference_id": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9", "reference_id": "cpe:/a:redhat:openshift_file_integrity_operator:1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8", "reference_id": "cpe:/a:redhat:openshift_serverless:1.36::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9", "reference_id": "cpe:/a:redhat:webterminal:1.11::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9", "reference_id": "cpe:/a:redhat:webterminal:1.12::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7425", "reference_id": "CVE-2025-7425", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7425" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2025:12345", "reference_id": "RHBA-2025:12345", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2025:12345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12447", "reference_id": "RHSA-2025:12447", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12450", "reference_id": "RHSA-2025:12450", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13308", "reference_id": "RHSA-2025:13308", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13309", "reference_id": "RHSA-2025:13309", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13310", "reference_id": "RHSA-2025:13310", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13311", "reference_id": "RHSA-2025:13311", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13311" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13312", "reference_id": "RHSA-2025:13312", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13313", "reference_id": "RHSA-2025:13313", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13313" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13314", "reference_id": "RHSA-2025:13314", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13335", "reference_id": "RHSA-2025:13335", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13464", "reference_id": "RHSA-2025:13464", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13622", "reference_id": "RHSA-2025:13622", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14059", "reference_id": "RHSA-2025:14059", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14396", "reference_id": "RHSA-2025:14396", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14818", "reference_id": "RHSA-2025:14818", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14819", "reference_id": "RHSA-2025:14819", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14819" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14853", "reference_id": "RHSA-2025:14853", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14858", "reference_id": "RHSA-2025:14858", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15308", "reference_id": "RHSA-2025:15308", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15672", "reference_id": "RHSA-2025:15672", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15827", "reference_id": "RHSA-2025:15827", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15828", "reference_id": "RHSA-2025:15828", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18219", "reference_id": "RHSA-2025:18219", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:18219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21885", "reference_id": "RHSA-2025:21885", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21913", "reference_id": "RHSA-2025:21913", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11503", "reference_id": "RHSA-2026:11503", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-07-10T15:21:27Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:11503" }, { "reference_url": "https://usn.ubuntu.com/7852-1/", "reference_id": "USN-7852-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7852-1/" }, { "reference_url": "https://usn.ubuntu.com/7852-2/", "reference_id": "USN-7852-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7852-2/" }, { "reference_url": "https://usn.ubuntu.com/7896-1/", "reference_id": "USN-7896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104699?format=api", "purl": "pkg:deb/debian/libxslt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-7425" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9q7z-rwe8-zydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78023?format=api", "vulnerability_id": "VCID-9raq-7y5u-bfc4", "summary": "The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2825.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2825.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2825", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01505", "scoring_system": "epss", "scoring_elements": "0.81496", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01505", "scoring_system": "epss", "scoring_elements": "0.81523", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679283", "reference_id": "679283", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679283" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=835982", "reference_id": "835982", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=835982" }, { "reference_url": "https://security.gentoo.org/glsa/201208-03", "reference_id": "GLSA-201208-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201208-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" }, { "reference_url": "https://usn.ubuntu.com/1595-1/", "reference_id": "USN-1595-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1595-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104696?format=api", "purl": "pkg:deb/debian/libxslt@1.1.26-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2825" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9raq-7y5u-bfc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4595?format=api", "vulnerability_id": "VCID-b8q3-sd61-rqhf", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5029", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01232", "scoring_system": "epss", "scoring_elements": "0.79516", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01232", "scoring_system": "epss", "scoring_elements": "0.79542", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5029" }, { "reference_url": "https://crbug.com/676623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://crbug.com/676623" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5" }, { "reference_url": "https://github.com/advisories/GHSA-pf6m-fxpq-fg8v", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf6m-fxpq-fg8v" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1634", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1634" }, { "reference_url": "https://ubuntu.com/security/CVE-2017-5029", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ubuntu.com/security/CVE-2017-5029" }, { "reference_url": "https://ubuntu.com/security/notices/USN-3271-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ubuntu.com/security/notices/USN-3271-1" }, { "reference_url": "http://www.securityfocus.com/bid/96767", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1431033", "reference_id": "1431033", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1431033" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546", "reference_id": "858546", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546" }, { "reference_url": "https://security.archlinux.org/ASA-201703-4", "reference_id": "ASA-201703-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-4" }, { "reference_url": "https://security.archlinux.org/ASA-201703-5", "reference_id": "ASA-201703-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201703-5" }, { "reference_url": "https://security.archlinux.org/AVG-195", "reference_id": "AVG-195", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-195" }, { "reference_url": "https://security.archlinux.org/AVG-196", "reference_id": "AVG-196", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-196" }, { "reference_url": "https://security.archlinux.org/AVG-197", "reference_id": "AVG-197", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-197" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5029", "reference_id": "CVE-2017-5029", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5029" }, { "reference_url": "https://security.gentoo.org/glsa/201804-01", "reference_id": "GLSA-201804-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0499", "reference_id": "RHSA-2017:0499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0499" }, { "reference_url": "https://usn.ubuntu.com/3236-1/", "reference_id": "USN-3236-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3236-1/" }, { "reference_url": "https://usn.ubuntu.com/3271-1/", "reference_id": "USN-3271-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3271-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104703?format=api", "purl": "pkg:deb/debian/libxslt@1.1.29-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.29-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-5029", "GHSA-pf6m-fxpq-fg8v" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8q3-sd61-rqhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78039?format=api", "vulnerability_id": "VCID-bt7a-eucw-gkbq", "summary": "numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24855.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25131", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24855" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100566", "reference_id": "1100566", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100566" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352483", "reference_id": "2352483", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3107", "reference_id": "RHSA-2025:3107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3389", "reference_id": "RHSA-2025:3389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3528", "reference_id": "RHSA-2025:3528", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3615", "reference_id": "RHSA-2025:3615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3619", "reference_id": "RHSA-2025:3619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3624", "reference_id": "RHSA-2025:3624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3625", "reference_id": "RHSA-2025:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3626", "reference_id": "RHSA-2025:3626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3627", "reference_id": "RHSA-2025:3627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4098", "reference_id": "RHSA-2025:4098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4427", "reference_id": "RHSA-2025:4427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4427" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4431", "reference_id": "RHSA-2025:4431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4731", "reference_id": "RHSA-2025:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7496", "reference_id": "RHSA-2025:7496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8303", "reference_id": "RHSA-2025:8303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8303" }, { "reference_url": "https://usn.ubuntu.com/7361-1/", "reference_id": "USN-7361-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7361-1/" }, { "reference_url": "https://usn.ubuntu.com/7787-1/", "reference_id": "USN-7787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104713?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104712?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104714?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-24855" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bt7a-eucw-gkbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37457?format=api", "vulnerability_id": "VCID-d39h-k44d-8kgx", "summary": "Uncontrolled Resource Consumption\nlibxml2, as used in Google Chrome, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2871.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2871.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2871", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00783", "scoring_system": "epss", "scoring_elements": "0.74106", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00783", "scoring_system": "epss", "scoring_elements": "0.7414", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422", "reference_id": "689422", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=852935", "reference_id": "852935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852935" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2871", "reference_id": "CVE-2012-2871", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2871" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" }, { "reference_url": "https://usn.ubuntu.com/1595-1/", "reference_id": "USN-1595-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1595-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104697?format=api", "purl": "pkg:deb/debian/libxslt@1.1.26-14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2871" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d39h-k44d-8kgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78029?format=api", "vulnerability_id": "VCID-dmc9-8mde-qqhy", "summary": "The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a \"type confusion\" issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7995.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7995.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0137", "scoring_system": "epss", "scoring_elements": "0.8055", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0137", "scoring_system": "epss", "scoring_elements": "0.80576", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962", "reference_id": "1257962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257962" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802971", "reference_id": "802971", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802971" }, { "reference_url": "https://usn.ubuntu.com/3271-1/", "reference_id": "USN-3271-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3271-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104700?format=api", "purl": "pkg:deb/debian/libxslt@1.1.28-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.28-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-7995" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmc9-8mde-qqhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41139?format=api", "vulnerability_id": "VCID-ft4s-195a-8fcf", "summary": "Improper Input Validation\nIn `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13118", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77436", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01008", "scoring_system": "epss", "scoring_elements": "0.77408", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13118" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/11" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/13" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/14" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/15", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/15" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/22", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/22" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/23" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/24" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/26", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/26" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/31", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/31" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/37", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/37" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jul/38", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Jul/38" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1943", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1943" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ" }, { "reference_url": "https://oss-fuzz.com/testcase-detail/5197371471822848", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://oss-fuzz.com/testcase-detail/5197371471822848" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/21", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://seclists.org/bugtraq/2019/Aug/21" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/22", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://seclists.org/bugtraq/2019/Aug/22" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://seclists.org/bugtraq/2019/Aug/23" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/25", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://seclists.org/bugtraq/2019/Aug/25" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/35", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jul/35" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/36", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jul/36" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/37", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jul/37" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/40", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jul/40" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/41", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jul/41" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jul/42", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jul/42" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190806-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200122-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003" }, { "reference_url": "https://support.apple.com/kb/HT210346", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://support.apple.com/kb/HT210346" }, { "reference_url": "https://support.apple.com/kb/HT210348", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://support.apple.com/kb/HT210348" }, { "reference_url": "https://support.apple.com/kb/HT210351", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://support.apple.com/kb/HT210351" }, { "reference_url": "https://support.apple.com/kb/HT210353", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://support.apple.com/kb/HT210353" }, { "reference_url": "https://support.apple.com/kb/HT210356", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://support.apple.com/kb/HT210356" }, { "reference_url": "https://support.apple.com/kb/HT210357", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://support.apple.com/kb/HT210357" }, { "reference_url": "https://support.apple.com/kb/HT210358", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://support.apple.com/kb/HT210358" }, { "reference_url": "https://usn.ubuntu.com/4164-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4164-1" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/11/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728541", "reference_id": "1728541", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728541" }, { "reference_url": "https://usn.ubuntu.com/4164-1/", "reference_id": "4164-1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://usn.ubuntu.com/4164-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320", "reference_id": "931320", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13118", "reference_id": "CVE-2019-13118", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13118" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/", "reference_id": "IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190806-0004/", "reference_id": "ntap-20190806-0004", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190806-0004/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200122-0003/", "reference_id": "ntap-20200122-0003", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104704?format=api", "purl": "pkg:deb/debian/libxslt@1.1.32-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.32-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13118", "GHSA-cf46-6xxh-pc75" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ft4s-195a-8fcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78033?format=api", "vulnerability_id": "VCID-gxb8-phyp-vban", "summary": "libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4608.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4608.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04106", "scoring_system": "epss", "scoring_elements": "0.88797", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04106", "scoring_system": "epss", "scoring_elements": "0.88814", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4608" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716454", "reference_id": "1716454", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1716454" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104701?format=api", "purl": "pkg:deb/debian/libxslt@1.1.29-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.29-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4608" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxb8-phyp-vban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78025?format=api", "vulnerability_id": "VCID-hagz-u4kw-uyf8", "summary": "Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2893.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2893.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2893", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01661", "scoring_system": "epss", "scoring_elements": "0.82404", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01661", "scoring_system": "epss", "scoring_elements": "0.82431", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2893" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422", "reference_id": "689422", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=860671", "reference_id": "860671", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=860671" }, { "reference_url": "https://security.gentoo.org/glsa/201401-07", "reference_id": "GLSA-201401-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" }, { "reference_url": "https://usn.ubuntu.com/1595-1/", "reference_id": "USN-1595-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1595-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104697?format=api", "purl": "pkg:deb/debian/libxslt@1.1.26-14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2893" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hagz-u4kw-uyf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78040?format=api", "vulnerability_id": "VCID-hy1s-51h2-ebeh", "summary": "A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7424.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59443", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-7424" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7424" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109123", "reference_id": "1109123", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109123" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/139", "reference_id": "139", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:19:10Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/139" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379228", "reference_id": "2379228", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:19:10Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379228" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-7424", "reference_id": "CVE-2025-7424", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:19:10Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-7424" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2025:12345", "reference_id": "RHBA-2025:12345", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:19:10Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2025:12345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11015", "reference_id": "RHSA-2026:11015", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:19:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:11015" }, { "reference_url": "https://usn.ubuntu.com/7945-1/", "reference_id": "USN-7945-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7945-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104709?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104708?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104711?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104710?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-7424" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hy1s-51h2-ebeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2891?format=api", "vulnerability_id": "VCID-jmw4-gesh-4bfj", "summary": "Chris Evans of the Chrome Security Team reported\nthat the XSLT generate-id() function returned a string that revealed\na specific valid address of an object on the memory heap. It is possible\nthat in some cases this address would be valuable information that could\nbe used by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around mitigation\nfeatures in the browser or operating system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71052", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71094", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413", "reference_id": "617413", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386", "reference_id": "684386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202", "reference_id": "CVE-2011-1202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18", "reference_id": "mfsa2011-18", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" }, { "reference_url": "https://usn.ubuntu.com/1112-1/", "reference_id": "USN-1112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1112-1/" }, { "reference_url": "https://usn.ubuntu.com/1121-1/", "reference_id": "USN-1121-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1121-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-1/", "reference_id": "USN-1122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-1/" }, { "reference_url": "https://usn.ubuntu.com/1122-2/", "reference_id": "USN-1122-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1122-2/" }, { "reference_url": "https://usn.ubuntu.com/1123-1/", "reference_id": "USN-1123-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1123-1/" }, { "reference_url": "https://usn.ubuntu.com/1595-1/", "reference_id": "USN-1595-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1595-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104694?format=api", "purl": "pkg:deb/debian/libxslt@1.1.26-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1202" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmw4-gesh-4bfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40906?format=api", "vulnerability_id": "VCID-jvd7-7jes-4ffn", "summary": "Bypass of a protection mechanism in libxslt\nThe libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01133", "scoring_system": "epss", "scoring_elements": "0.78684", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01133", "scoring_system": "epss", "scoring_elements": "0.7871", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1892", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1892" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/pull/1898", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/pull/1898" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001" }, { "reference_url": "https://usn.ubuntu.com/3947-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3947-1" }, { "reference_url": "https://usn.ubuntu.com/3947-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3947-2" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/23/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709697", "reference_id": "1709697", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1709697" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/", "reference_id": "36TEYN37XCCKN2XUMRTBBW67BPNMSW4K", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" }, { "reference_url": "https://usn.ubuntu.com/3947-1/", "reference_id": "3947-1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "https://usn.ubuntu.com/3947-1/" }, { "reference_url": "https://usn.ubuntu.com/3947-2/", "reference_id": "3947-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "https://usn.ubuntu.com/3947-2/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895", "reference_id": "926895", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11068", "reference_id": "CVE-2019-11068", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11068" }, { "reference_url": "https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068", "reference_id": "CVE-2019-11068", "reference_type": "", "scores": [], "url": "https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2019-11068", "reference_id": "CVE-2019-11068", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2019-11068" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/", "reference_id": "GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/" }, { "reference_url": "https://github.com/advisories/GHSA-qxcg-xjjg-66mj", "reference_id": "GHSA-qxcg-xjjg-66mj", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxcg-xjjg-66mj" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191017-0001/", "reference_id": "ntap-20191017-0001", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20191017-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4005", "reference_id": "RHSA-2020:4005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4464", "reference_id": "RHSA-2020:4464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4464" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/", "reference_id": "SK4YNISS22MJY22YX5I6V2U63QZAUEHA", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104704?format=api", "purl": "pkg:deb/debian/libxslt@1.1.32-2.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.32-2.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-11068", "GHSA-qxcg-xjjg-66mj" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvd7-7jes-4ffn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78031?format=api", "vulnerability_id": "VCID-mgq5-9ve4-9kgb", "summary": "numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1684.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1684.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1684", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75478", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00866", "scoring_system": "epss", "scoring_elements": "0.75507", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017", "reference_id": "1340017", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1340017" }, { "reference_url": "https://security.gentoo.org/glsa/201607-07", "reference_id": "GLSA-201607-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1190", "reference_id": "RHSA-2016:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1190" }, { "reference_url": "https://usn.ubuntu.com/2992-1/", "reference_id": "USN-2992-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2992-1/" }, { "reference_url": "https://usn.ubuntu.com/3271-1/", "reference_id": "USN-3271-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3271-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104701?format=api", "purl": "pkg:deb/debian/libxslt@1.1.29-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.29-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1684" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mgq5-9ve4-9kgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78026?format=api", "vulnerability_id": "VCID-mm56-c635-fbbd", "summary": "libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6139.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6139.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6139", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10825", "scoring_system": "epss", "scoring_elements": "0.93497", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10825", "scoring_system": "epss", "scoring_elements": "0.93508", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6139" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703933", "reference_id": "703933", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703933" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=927386", "reference_id": "927386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=927386" }, { "reference_url": "https://security.gentoo.org/glsa/201401-07", "reference_id": "GLSA-201401-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-07" }, { "reference_url": "https://usn.ubuntu.com/1784-1/", "reference_id": "USN-1784-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1784-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104698?format=api", "purl": "pkg:deb/debian/libxslt@1.1.26-14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-6139" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mm56-c635-fbbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5379?format=api", "vulnerability_id": "VCID-q9gf-ard2-8yac", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30560", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24449", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.2455", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30560" }, { "reference_url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html" }, { "reference_url": "https://crbug.com/1219209", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://crbug.com/1219209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-30560.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-30560.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" }, { "reference_url": "https://security.gentoo.org/glsa/202310-23", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202310-23" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5216", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5216" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990079", "reference_id": "990079", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990079" }, { "reference_url": "https://security.archlinux.org/ASA-202107-30", "reference_id": "ASA-202107-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-30" }, { "reference_url": "https://security.archlinux.org/ASA-202107-31", "reference_id": "ASA-202107-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-31" }, { "reference_url": "https://security.archlinux.org/AVG-2166", "reference_id": "AVG-2166", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2166" }, { "reference_url": "https://security.archlinux.org/AVG-2167", "reference_id": "AVG-2167", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2167" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30560", "reference_id": "CVE-2021-30560", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30560" }, { "reference_url": "https://github.com/advisories/GHSA-59gp-qqm7-cw4j", "reference_id": "GHSA-59gp-qqm7-cw4j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-59gp-qqm7-cw4j" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2", "reference_id": "GHSA-fq42-c5rg-92c2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2" }, { "reference_url": "https://security.gentoo.org/glsa/202107-49", "reference_id": "GLSA-202107-49", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-49" }, { "reference_url": "https://usn.ubuntu.com/5575-1/", "reference_id": "USN-5575-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5575-1/" }, { "reference_url": "https://usn.ubuntu.com/5575-2/", "reference_id": "USN-5575-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5575-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104707?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-30560", "GHSA-59gp-qqm7-cw4j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9gf-ard2-8yac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78021?format=api", "vulnerability_id": "VCID-r9kj-ss7q-kkfr", "summary": "Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as \"an argument in the XSL input.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2935.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2935.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22141", "scoring_system": "epss", "scoring_elements": "0.95901", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.22141", "scoring_system": "epss", "scoring_elements": "0.95905", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2935" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=455848", "reference_id": "455848", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=455848" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493162", "reference_id": "493162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493162" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32133.txt", "reference_id": "CVE-2008-2935;OSVDB-47544", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/32133.txt" }, { "reference_url": "https://www.securityfocus.com/bid/30467/info", "reference_id": "CVE-2008-2935;OSVDB-47544", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/30467/info" }, { "reference_url": "https://security.gentoo.org/glsa/200808-06", "reference_id": "GLSA-200808-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200808-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0649", "reference_id": "RHSA-2008:0649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0649" }, { "reference_url": "https://usn.ubuntu.com/633-1/", "reference_id": "USN-633-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/633-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104693?format=api", "purl": "pkg:deb/debian/libxslt@1.1.24-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.24-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-2935" ], "risk_score": 0.4, "exploitability": "2.0", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r9kj-ss7q-kkfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78036?format=api", "vulnerability_id": "VCID-thdj-xat2-8kbh", "summary": "libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4738.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4738.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05928", "scoring_system": "epss", "scoring_elements": "0.90789", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05928", "scoring_system": "epss", "scoring_elements": "0.90803", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4738" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388777", "reference_id": "1388777", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388777" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842570", "reference_id": "842570", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842570" }, { "reference_url": "https://security.gentoo.org/glsa/201804-01", "reference_id": "GLSA-201804-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-01" }, { "reference_url": "https://usn.ubuntu.com/3271-1/", "reference_id": "USN-3271-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3271-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104702?format=api", "purl": "pkg:deb/debian/libxslt@1.1.29-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.29-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-4738" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-thdj-xat2-8kbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4123?format=api", "vulnerability_id": "VCID-u9b2-qx2j-c7by", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5815", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29163", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29234", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5815" }, { "reference_url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=930663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/2630", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/2630" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702905", "reference_id": "1702905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702905" }, { "reference_url": "https://security.archlinux.org/ASA-201904-12", "reference_id": "ASA-201904-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-12" }, { "reference_url": "https://security.archlinux.org/AVG-952", "reference_id": "AVG-952", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-952" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5815", "reference_id": "CVE-2019-5815", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5815" }, { "reference_url": "https://security.gentoo.org/glsa/201908-18", "reference_id": "GLSA-201908-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1021", "reference_id": "RHSA-2019:1021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1021" }, { "reference_url": "https://usn.ubuntu.com/5575-1/", "reference_id": "USN-5575-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5575-1/" }, { "reference_url": "https://usn.ubuntu.com/5575-2/", "reference_id": "USN-5575-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5575-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104706?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-5815", "GHSA-vmfx-gcfq-wvm2" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9b2-qx2j-c7by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4045?format=api", "vulnerability_id": "VCID-uk9u-nn9a-4yes", "summary": "multiple issues", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89374", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04534", "scoring_system": "epss", "scoring_elements": "0.89355", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18197" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1943", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1943" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191031-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20191031-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200416-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200416-0004" }, { "reference_url": "https://usn.ubuntu.com/4164-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4164-1" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/11/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770768", "reference_id": "1770768", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770768" }, { "reference_url": "https://usn.ubuntu.com/4164-1/", "reference_id": "4164-1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "https://usn.ubuntu.com/4164-1/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646", "reference_id": "942646", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646" }, { "reference_url": "https://security.archlinux.org/ASA-202002-3", "reference_id": "ASA-202002-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202002-3" }, { "reference_url": "https://security.archlinux.org/AVG-1092", "reference_id": "AVG-1092", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1092" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18197", "reference_id": "CVE-2019-18197", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18197" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20191031-0004/", "reference_id": "ntap-20191031-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20191031-0004/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200416-0004/", "reference_id": "ntap-20200416-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20200416-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0514", "reference_id": "RHSA-2020:0514", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4005", "reference_id": "RHSA-2020:4005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4464", "reference_id": "RHSA-2020:4464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4464" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104705?format=api", "purl": "pkg:deb/debian/libxslt@1.1.32-2.2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.32-2.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-18197", "GHSA-242x-7cm6-4w8j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uk9u-nn9a-4yes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78020?format=api", "vulnerability_id": "VCID-vjkq-gb6s-3fgu", "summary": "Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT \"transformation match\" condition that triggers a large number of steps.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1767.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2079", "scoring_system": "epss", "scoring_elements": "0.95713", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.2079", "scoring_system": "epss", "scoring_elements": "0.95718", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=446809", "reference_id": "446809", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446809" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482664", "reference_id": "482664", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482664" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/31815.html", "reference_id": "CVE-2008-1767;OSVDB-45419", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/31815.html" }, { "reference_url": "https://www.securityfocus.com/bid/29312/info", "reference_id": "CVE-2008-1767;OSVDB-45419", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/29312/info" }, { "reference_url": "https://security.gentoo.org/glsa/200806-02", "reference_id": "GLSA-200806-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200806-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0287", "reference_id": "RHSA-2008:0287", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0287" }, { "reference_url": "https://usn.ubuntu.com/633-1/", "reference_id": "USN-633-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/633-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104689?format=api", "purl": "pkg:deb/debian/libxslt@1.1.24-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.24-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-1767" ], "risk_score": 0.4, "exploitability": "2.0", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjkq-gb6s-3fgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78022?format=api", "vulnerability_id": "VCID-w54a-t2gb-wfdu", "summary": "libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3970.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3970.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66444", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66484", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660650", "reference_id": "660650", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660650" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=788826", "reference_id": "788826", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=788826" }, { "reference_url": "https://security.gentoo.org/glsa/201202-01", "reference_id": "GLSA-201202-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-01" }, { "reference_url": "https://security.gentoo.org/glsa/201203-08", "reference_id": "GLSA-201203-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" }, { "reference_url": "https://usn.ubuntu.com/1595-1/", "reference_id": "USN-1595-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1595-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104695?format=api", "purl": "pkg:deb/debian/libxslt@1.1.26-11?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.26-11%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-3970" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w54a-t2gb-wfdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78028?format=api", "vulnerability_id": "VCID-wtn1-zp8n-k3es", "summary": "xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4520.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4520.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01432", "scoring_system": "epss", "scoring_elements": "0.81015", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01432", "scoring_system": "epss", "scoring_elements": "0.81044", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4520" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027360", "reference_id": "1027360", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027360" }, { "reference_url": "https://security.gentoo.org/glsa/201401-07", "reference_id": "GLSA-201401-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-07" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104699?format=api", "purl": "pkg:deb/debian/libxslt@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4520" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wtn1-zp8n-k3es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78032?format=api", "vulnerability_id": "VCID-zffq-an1r-ckf3", "summary": "libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1841.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01678", "scoring_system": "epss", "scoring_elements": "0.82507", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01678", "scoring_system": "epss", "scoring_elements": "0.82535", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1841" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393780", "reference_id": "1393780", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393780" }, { "reference_url": "https://usn.ubuntu.com/3271-1/", "reference_id": "USN-3271-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3271-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/104701?format=api", "purl": "pkg:deb/debian/libxslt@1.1.29-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.29-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104690?format=api", "purl": "pkg:deb/debian/libxslt@1.1.34-4%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.34-4%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104688?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1%2Bdeb12u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104692?format=api", "purl": "pkg:deb/debian/libxslt@1.1.35-1.2%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6f4y-n9m4-vydg" }, { "vulnerability": "VCID-e25f-65vw-ykc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/104691?format=api", "purl": "pkg:deb/debian/libxslt@1.1.45-0.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9q7z-rwe8-zydg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.45-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1841" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zffq-an1r-ckf3" } ], "risk_score": "2.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxslt@1.1.35-1.2%252Bdeb13u3%3Fdistro=trixie" }