Package Instance

reference_id

RHSA-2025:10630

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:10698

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:10699

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:11580

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:11673

reference_url

reference_id

RHSA-2025:11673

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:11673

reference_url

reference_id

RHSA-2025:12098

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12099

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12199

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12237

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12239

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12240

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12241

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:13267

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13289

reference_url

reference_id

RHSA-2025:13289

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13289

reference_url

https://access.redhat.com/errata/RHSA-2025:13325

reference_id

RHSA-2025:13325

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13325

reference_url

reference_id

RHSA-2025:13335

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13336

reference_url

reference_id

RHSA-2025:13336

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13336

reference_url

https://access.redhat.com/errata/RHSA-2025:14059

reference_id

RHSA-2025:14059

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:14059

reference_url

https://access.redhat.com/errata/RHSA-2025:14396

reference_id

RHSA-2025:14396

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:14396

reference_url

https://access.redhat.com/errata/RHSA-2025:15308

reference_id

RHSA-2025:15308

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:15308

reference_url

https://access.redhat.com/errata/RHSA-2025:15672

reference_id

RHSA-2025:15672

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:15672

reference_url

reference_id

RHSA-2025:19020

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2026:7519

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-6021

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27jd-t23h-73f4

url VCID-31w8-13b6-8beh

vulnerability_id VCID-31w8-13b6-8beh

summary libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24928

reference_id

reference_type

scores

value	0.00235
scoring_system	epss
scoring_elements	0.46331
published_at	2026-04-02T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46342
published_at	2026-04-24T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46379
published_at	2026-04-11T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46351
published_at	2026-04-12T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46361
published_at	2026-04-21T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46418
published_at	2026-04-16T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46415
published_at	2026-04-18T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46352
published_at	2026-04-04T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.463
published_at	2026-04-07T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46355
published_at	2026-04-08T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46356
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24928

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321
reference_id	1098321
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2346421
reference_id	2346421
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2346421

reference_url

https://issues.oss-fuzz.com/issues/392687022

reference_id

392687022

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T03:55:31Z/

url

https://issues.oss-fuzz.com/issues/392687022

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/847

reference_id

847

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T03:55:31Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/847

reference_url	https://access.redhat.com/errata/RHSA-2025:2482
reference_id	RHSA-2025:2482
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2482

reference_url	https://access.redhat.com/errata/RHSA-2025:2483
reference_id	RHSA-2025:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2483

reference_url	https://access.redhat.com/errata/RHSA-2025:2507
reference_id	RHSA-2025:2507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2507

reference_url	https://access.redhat.com/errata/RHSA-2025:2513
reference_id	RHSA-2025:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2513

reference_url	https://access.redhat.com/errata/RHSA-2025:2654
reference_id	RHSA-2025:2654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2654

reference_url	https://access.redhat.com/errata/RHSA-2025:2660
reference_id	RHSA-2025:2660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2660

reference_url	https://access.redhat.com/errata/RHSA-2025:2673
reference_id	RHSA-2025:2673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2673

reference_url	https://access.redhat.com/errata/RHSA-2025:2678
reference_id	RHSA-2025:2678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2678

reference_url	https://access.redhat.com/errata/RHSA-2025:2679
reference_id	RHSA-2025:2679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2679

reference_url	https://access.redhat.com/errata/RHSA-2025:2686
reference_id	RHSA-2025:2686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2686

reference_url	https://access.redhat.com/errata/RHSA-2025:2789
reference_id	RHSA-2025:2789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2789

reference_url	https://access.redhat.com/errata/RHSA-2025:3055
reference_id	RHSA-2025:3055
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3055

reference_url	https://access.redhat.com/errata/RHSA-2025:3368
reference_id	RHSA-2025:3368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3368

reference_url	https://access.redhat.com/errata/RHSA-2025:3397
reference_id	RHSA-2025:3397
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3397

reference_url	https://access.redhat.com/errata/RHSA-2025:3453
reference_id	RHSA-2025:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3453

reference_url	https://access.redhat.com/errata/RHSA-2025:3569
reference_id	RHSA-2025:3569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3569

reference_url	https://access.redhat.com/errata/RHSA-2025:3775
reference_id	RHSA-2025:3775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3775

reference_url	https://access.redhat.com/errata/RHSA-2025:3780
reference_id	RHSA-2025:3780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3780

reference_url	https://access.redhat.com/errata/RHSA-2025:3867
reference_id	RHSA-2025:3867
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3867

reference_url	https://access.redhat.com/errata/RHSA-2025:4005
reference_id	RHSA-2025:4005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4005

reference_url	https://access.redhat.com/errata/RHSA-2025:9895
reference_id	RHSA-2025:9895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9895

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-24928

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31w8-13b6-8beh

url VCID-464a-typa-7qbu

vulnerability_id VCID-464a-typa-7qbu

summary libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6170.json

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6170.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6170

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10141
published_at	2026-04-24T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10028
published_at	2026-04-02T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10087
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09984
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10061
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10121
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10161
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11253
published_at	2026-04-21T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30679
published_at	2026-04-16T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30661
published_at	2026-04-18T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30698
published_at	2026-04-12T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30654
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938
reference_id	1107938
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2372952

reference_id

2372952

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2372952

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/941

reference_id

941

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/941

reference_url

reference_id

AVG-2898

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2025-6170

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

reference_id

CVE-2025-6170

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/

url

https://access.redhat.com/security/cve/CVE-2025-6170

reference_url

reference_id

RHSA-2026:7519

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-6170

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-464a-typa-7qbu

url VCID-4m3j-qy8c-4uhk

vulnerability_id VCID-4m3j-qy8c-4uhk

summary NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2309

reference_id

reference_type

scores

value	0.00868
scoring_system	epss
scoring_elements	0.75227
published_at	2026-04-24T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75188
published_at	2026-04-21T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75199
published_at	2026-04-18T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75193
published_at	2026-04-16T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75167
published_at	2026-04-12T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75189
published_at	2026-04-11T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75168
published_at	2026-04-09T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75121
published_at	2026-04-07T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75144
published_at	2026-04-04T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75155
published_at	2026-04-13T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75114
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2309

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-wrxv-2j5q-m38w

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-wrxv-2j5q-m38w

reference_url

https://github.com/lxml/lxml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lxml/lxml

reference_url

https://github.com/lxml/lxml/blob/master/CHANGES.txt

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lxml/lxml/blob/master/CHANGES.txt

reference_url

https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml

reference_url

https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2309

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2309

reference_url

https://security.gentoo.org/glsa/202208-06

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202208-06

reference_url

https://security.netapp.com/advisory/ntap-20220915-0006

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0006

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766
reference_id	1014766
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039991
reference_id	1039991
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039991

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107571
reference_id	2107571
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107571

reference_url	https://access.redhat.com/errata/RHSA-2022:8226
reference_id	RHSA-2022:8226
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8226

reference_url	https://usn.ubuntu.com/5760-1/
reference_id	USN-5760-1
reference_type
scores
url	https://usn.ubuntu.com/5760-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2022-2309, GHSA-wrxv-2j5q-m38w, PYSEC-2022-230

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4m3j-qy8c-4uhk

url VCID-62bb-e8vk-7uh4

vulnerability_id VCID-62bb-e8vk-7uh4

summary libxml2: libxml2: Denial of Service via uncontrolled recursion in XML catalog processing

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0990.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0990.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0990

reference_id

reference_type

scores

value	0.00056
scoring_system	epss
scoring_elements	0.17493
published_at	2026-04-16T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17538
published_at	2026-04-21T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17502
published_at	2026-04-18T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17648
published_at	2026-04-11T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17601
published_at	2026-04-12T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17549
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19094
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19146
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18863
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18942
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18996
published_at	2026-04-09T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19085
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0990

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018

reference_id

1018

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:20Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125695
reference_id	1125695
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125695

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2429959

reference_id

2429959

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:20Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2429959

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2026-0990

reference_id

CVE-2026-0990

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:20Z/

url

https://access.redhat.com/security/cve/CVE-2026-0990

reference_url

reference_id

RHSA-2026:7519

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:20Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49794.json

reference_url	https://usn.ubuntu.com/7974-1/
reference_id	USN-7974-1
reference_type
scores
url	https://usn.ubuntu.com/7974-1/

fixed_packages

url	pkg:deb/debian/libxml2@2.15.1%2Bdfsg-2
purl	pkg:deb/debian/libxml2@2.15.1%2Bdfsg-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.1%252Bdfsg-2

aliases CVE-2026-0990

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62bb-e8vk-7uh4

url VCID-74y5-vcxn-2ygr

vulnerability_id VCID-74y5-vcxn-2ygr

summary libxml: Heap use after free (UAF) leads to Denial of service (DoS)

references

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49794.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-49794

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.31508
published_at	2026-04-02T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31549
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31368
published_at	2026-04-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31421
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31452
published_at	2026-04-09T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31455
published_at	2026-04-11T12:55:00Z

value	0.00363
scoring_system	epss
scoring_elements	0.58432
published_at	2026-04-21T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63475
published_at	2026-04-18T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63479
published_at	2026-04-24T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63469
published_at	2026-04-12T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63434
published_at	2026-04-13T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63467
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-49794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755
reference_id	1107755
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2372373

reference_id

2372373

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2372373

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/931

reference_id

931

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/931

reference_url

reference_id

AVG-2898

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2025-49794

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9
reference_id	cpe:/a:redhat:cert_manager:1.16::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9
reference_id	cpe:/a:redhat:insights_proxy:1.5::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
reference_id	cpe:/a:redhat:openshift:4.12::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id	cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id	cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9
reference_id	cpe:/a:redhat:openshift:4.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9
reference_id	cpe:/a:redhat:openshift:4.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9
reference_id	cpe:/a:redhat:openshift:4.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9
reference_id	cpe:/a:redhat:openshift:4.20::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_id	cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8
reference_id	cpe:/a:redhat:openshift_serverless:1.36::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_id	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9
reference_id	cpe:/a:redhat:webterminal:1.11::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9
reference_id	cpe:/a:redhat:webterminal:1.12::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
reference_id	cpe:/o:redhat:enterprise_linux:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
reference_id	cpe:/o:redhat:enterprise_linux:8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
reference_id	cpe:/o:redhat:enterprise_linux:9::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7
reference_id	cpe:/o:redhat:rhel_els:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
reference_id	cpe:/o:redhat:rhel_eus:9.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_id	cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos

reference_url

reference_id

CVE-2025-49794

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://access.redhat.com/security/cve/CVE-2025-49794

reference_url

reference_id

RHSA-2025:10630

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:10698

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:10699

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:11580

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12098

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12099

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12199

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12237

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12239

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12240

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12241

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:13335

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:15827

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:15828

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:18219

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:19020

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:21913

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2026:0934

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2026:7519

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34459.json

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-49794

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74y5-vcxn-2ygr

url VCID-8d2w-3c3p-zqaz

vulnerability_id VCID-8d2w-3c3p-zqaz

summary libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34459.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34459

reference_id

reference_type

scores

value	0.0078
scoring_system	epss
scoring_elements	0.7372
published_at	2026-04-16T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73676
published_at	2026-04-13T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73685
published_at	2026-04-12T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73702
published_at	2026-04-11T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.7368
published_at	2026-04-09T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73667
published_at	2026-04-08T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73632
published_at	2026-04-07T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73635
published_at	2026-04-02T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73659
published_at	2026-04-04T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86922
published_at	2026-04-24T12:55:00Z

value	0.03141
scoring_system	epss
scoring_elements	0.86905
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162
reference_id	1071162
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2280532
reference_id	2280532
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2280532

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/

reference_id

5HVUXKYTBWT3G5DEEQX62STJQBY367NL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/

reference_id

INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/

reference_url	https://usn.ubuntu.com/7240-1/
reference_id	USN-7240-1
reference_type
scores
url	https://usn.ubuntu.com/7240-1/

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8

reference_id

v2.11.8

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7

reference_id

v2.12.7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/

reference_id

VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2024-34459

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8d2w-3c3p-zqaz

url VCID-aasn-u7fd-8bhy

vulnerability_id VCID-aasn-u7fd-8bhy

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39615

reference_id

reference_type

scores

value	0.00117
scoring_system	epss
scoring_elements	0.30398
published_at	2026-04-24T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30649
published_at	2026-04-12T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30604
published_at	2026-04-13T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30629
published_at	2026-04-16T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30612
published_at	2026-04-18T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30578
published_at	2026-04-21T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32187
published_at	2026-04-11T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32184
published_at	2026-04-09T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34276
published_at	2026-04-04T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34244
published_at	2026-04-02T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.363
published_at	2026-04-08T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36251
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39615

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/535

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:25:30Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/535

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230
reference_id	1051230
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2235864
reference_id	2235864
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2235864

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-39615
reference_id	CVE-2023-39615
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-39615

reference_url	https://access.redhat.com/errata/RHSA-2023:7544
reference_id	RHSA-2023:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7544

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2023:7747
reference_id	RHSA-2023:7747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7747

reference_url	https://access.redhat.com/errata/RHSA-2024:0119
reference_id	RHSA-2024:0119
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0119

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

reference_url	https://access.redhat.com/errata/RHSA-2024:1477
reference_id	RHSA-2024:1477
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1477

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2023-39615

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aasn-u7fd-8bhy

url VCID-ahha-vnq4-7qd2

vulnerability_id VCID-ahha-vnq4-7qd2

summary libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9714

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.00812
published_at	2026-04-04T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00966
published_at	2026-04-24T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00905
published_at	2026-04-16T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00913
published_at	2026-04-18T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00963
published_at	2026-04-21T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00924
published_at	2026-04-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00927
published_at	2026-04-08T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00912
published_at	2026-04-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00907
published_at	2026-04-12T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00909
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9714

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2392605
reference_id	2392605
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2392605

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21

reference_id

677a42645ef22b5a50741bad5facf9d8a8bc6d21

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T18:46:42Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21

reference_url	https://access.redhat.com/errata/RHSA-2025:22162
reference_id	RHSA-2025:22162
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22162

reference_url	https://access.redhat.com/errata/RHSA-2025:22163
reference_id	RHSA-2025:22163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22163

reference_url	https://access.redhat.com/errata/RHSA-2025:22177
reference_id	RHSA-2025:22177
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22177

reference_url	https://access.redhat.com/errata/RHSA-2025:22376
reference_id	RHSA-2025:22376
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22376

reference_url	https://access.redhat.com/errata/RHSA-2025:22377
reference_id	RHSA-2025:22377
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22377

reference_url	https://access.redhat.com/errata/RHSA-2025:22868
reference_id	RHSA-2025:22868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22868

reference_url	https://access.redhat.com/errata/RHSA-2025:23202
reference_id	RHSA-2025:23202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23202

reference_url	https://access.redhat.com/errata/RHSA-2025:23204
reference_id	RHSA-2025:23204
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23204

reference_url	https://access.redhat.com/errata/RHSA-2025:23205
reference_id	RHSA-2025:23205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23205

reference_url	https://access.redhat.com/errata/RHSA-2025:23209
reference_id	RHSA-2025:23209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23209

reference_url	https://access.redhat.com/errata/RHSA-2025:23227
reference_id	RHSA-2025:23227
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23227

reference_url	https://access.redhat.com/errata/RHSA-2025:23234
reference_id	RHSA-2025:23234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23234

reference_url	https://access.redhat.com/errata/RHSA-2025:23449
reference_id	RHSA-2025:23449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23449

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0677
reference_id	RHSA-2026:0677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0677

reference_url	https://access.redhat.com/errata/RHSA-2026:0702
reference_id	RHSA-2026:0702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0702

reference_url	https://access.redhat.com/errata/RHSA-2026:0978
reference_id	RHSA-2026:0978
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0978

reference_url	https://access.redhat.com/errata/RHSA-2026:0980
reference_id	RHSA-2026:0980
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0980

reference_url	https://access.redhat.com/errata/RHSA-2026:0985
reference_id	RHSA-2026:0985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0985

reference_url	https://access.redhat.com/errata/RHSA-2026:0996
reference_id	RHSA-2026:0996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0996

reference_url	https://access.redhat.com/errata/RHSA-2026:1539
reference_id	RHSA-2026:1539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1539

reference_url	https://access.redhat.com/errata/RHSA-2026:1541
reference_id	RHSA-2026:1541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1541

reference_url	https://access.redhat.com/errata/RHSA-2026:1652
reference_id	RHSA-2026:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1652

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url	https://access.redhat.com/errata/RHSA-2026:7519
reference_id	RHSA-2026:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7519

reference_url	https://usn.ubuntu.com/7743-1/
reference_id	USN-7743-1
reference_type
scores
url	https://usn.ubuntu.com/7743-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-9714

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahha-vnq4-7qd2

url VCID-bz1e-1ypb-kkgg

vulnerability_id VCID-bz1e-1ypb-kkgg

summary libxml: Type confusion leads to Denial of service (DoS)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49796.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49796.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-49796

reference_id

reference_type

scores

value	0.00496
scoring_system	epss
scoring_elements	0.65756
published_at	2026-04-07T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65761
published_at	2026-04-02T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65791
published_at	2026-04-04T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65809
published_at	2026-04-08T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.6582
published_at	2026-04-09T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.6584
published_at	2026-04-11T12:55:00Z

value	0.01455
scoring_system	epss
scoring_elements	0.80845
published_at	2026-04-21T12:55:00Z

value	0.01777
scoring_system	epss
scoring_elements	0.82724
published_at	2026-04-16T12:55:00Z

value	0.01777
scoring_system	epss
scoring_elements	0.82725
published_at	2026-04-18T12:55:00Z

value	0.01777
scoring_system	epss
scoring_elements	0.8275
published_at	2026-04-24T12:55:00Z

value	0.01777
scoring_system	epss
scoring_elements	0.82689
published_at	2026-04-12T12:55:00Z

value	0.01777
scoring_system	epss
scoring_elements	0.82685
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-49796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752
reference_id	1107752
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2372385

reference_id

2372385

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2372385

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/933

reference_id

933

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/933

reference_url

reference_id

AVG-2898

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2025-49796

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9
reference_id	cpe:/a:redhat:cert_manager:1.16::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9
reference_id	cpe:/a:redhat:discovery:2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9
reference_id	cpe:/a:redhat:insights_proxy:1.5::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
reference_id	cpe:/a:redhat:openshift:4.12::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id	cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id	cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9
reference_id	cpe:/a:redhat:openshift:4.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9
reference_id	cpe:/a:redhat:openshift:4.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9
reference_id	cpe:/a:redhat:openshift:4.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9
reference_id	cpe:/a:redhat:openshift:4.20::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_id	cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8
reference_id	cpe:/a:redhat:openshift_serverless:1.36::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_id	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9
reference_id	cpe:/a:redhat:webterminal:1.11::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9
reference_id	cpe:/a:redhat:webterminal:1.12::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
reference_id	cpe:/o:redhat:enterprise_linux:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
reference_id	cpe:/o:redhat:enterprise_linux:8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
reference_id	cpe:/o:redhat:enterprise_linux:9::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7
reference_id	cpe:/o:redhat:rhel_els:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
reference_id	cpe:/o:redhat:rhel_eus:9.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_id	cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos

reference_url

reference_id

CVE-2025-49796

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://access.redhat.com/security/cve/CVE-2025-49796

reference_url

reference_id

RHSA-2025:10630

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:10698

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:10699

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:11580

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12098

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12099

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12199

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12237

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12239

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12240

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12241

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:13267

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:13335

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:15827

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:15828

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:18219

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:19020

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:21913

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2026:0934

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2026:7519

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56171.json

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-49796

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bz1e-1ypb-kkgg

url VCID-c9ds-faa9-t7be

vulnerability_id VCID-c9ds-faa9-t7be

summary libxml2: Use-After-Free in libxml2

references

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56171.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-56171

reference_id

reference_type

scores

value	0.00183
scoring_system	epss
scoring_elements	0.39767
published_at	2026-04-24T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40048
published_at	2026-04-16T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40018
published_at	2026-04-18T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.3994
published_at	2026-04-21T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40029
published_at	2026-04-02T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40055
published_at	2026-04-04T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.39977
published_at	2026-04-07T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.4003
published_at	2026-04-08T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40044
published_at	2026-04-09T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40054
published_at	2026-04-11T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40017
published_at	2026-04-12T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.39997
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-56171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098320
reference_id	1098320
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098320

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2346416
reference_id	2346416
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2346416

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

reference_id

828

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T16:26:31Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

reference_url	https://access.redhat.com/errata/RHSA-2025:2482
reference_id	RHSA-2025:2482
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2482

reference_url	https://access.redhat.com/errata/RHSA-2025:2483
reference_id	RHSA-2025:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2483

reference_url	https://access.redhat.com/errata/RHSA-2025:2507
reference_id	RHSA-2025:2507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2507

reference_url	https://access.redhat.com/errata/RHSA-2025:2513
reference_id	RHSA-2025:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2513

reference_url	https://access.redhat.com/errata/RHSA-2025:2654
reference_id	RHSA-2025:2654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2654

reference_url	https://access.redhat.com/errata/RHSA-2025:2660
reference_id	RHSA-2025:2660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2660

reference_url	https://access.redhat.com/errata/RHSA-2025:2673
reference_id	RHSA-2025:2673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2673

reference_url	https://access.redhat.com/errata/RHSA-2025:2678
reference_id	RHSA-2025:2678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2678

reference_url	https://access.redhat.com/errata/RHSA-2025:2679
reference_id	RHSA-2025:2679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2679

reference_url	https://access.redhat.com/errata/RHSA-2025:2686
reference_id	RHSA-2025:2686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2686

reference_url	https://access.redhat.com/errata/RHSA-2025:2789
reference_id	RHSA-2025:2789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2789

reference_url	https://access.redhat.com/errata/RHSA-2025:3055
reference_id	RHSA-2025:3055
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3055

reference_url	https://access.redhat.com/errata/RHSA-2025:3059
reference_id	RHSA-2025:3059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3059

reference_url	https://access.redhat.com/errata/RHSA-2025:3066
reference_id	RHSA-2025:3066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3066

reference_url	https://access.redhat.com/errata/RHSA-2025:3368
reference_id	RHSA-2025:3368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3368

reference_url	https://access.redhat.com/errata/RHSA-2025:3397
reference_id	RHSA-2025:3397
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3397

reference_url	https://access.redhat.com/errata/RHSA-2025:3453
reference_id	RHSA-2025:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3453

reference_url	https://access.redhat.com/errata/RHSA-2025:3569
reference_id	RHSA-2025:3569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3569

reference_url	https://access.redhat.com/errata/RHSA-2025:3867
reference_id	RHSA-2025:3867
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3867

reference_url	https://access.redhat.com/errata/RHSA-2025:4005
reference_id	RHSA-2025:4005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4005

reference_url	https://access.redhat.com/errata/RHSA-2025:9895
reference_id	RHSA-2025:9895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9895

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2024-56171

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ds-faa9-t7be

url VCID-d1ar-1945-sygd

vulnerability_id VCID-d1ar-1945-sygd

summary libxml2: libxml2: Denial of Service via crafted XML catalogs

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0992.json

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0992.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0992

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05454
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05441
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05561
published_at	2026-04-21T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05393
published_at	2026-04-18T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05386
published_at	2026-04-16T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05435
published_at	2026-04-13T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05946
published_at	2026-04-24T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06127
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06075
published_at	2026-04-02T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06166
published_at	2026-04-09T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06086
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06103
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0992

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019

reference_id

1019

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:06Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125696
reference_id	1125696
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125696

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2429975

reference_id

2429975

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:06Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2429975

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2026-0992

reference_id

CVE-2026-0992

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:06Z/

url

https://access.redhat.com/security/cve/CVE-2026-0992

reference_url

reference_id

RHSA-2026:7519

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:06Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25062.json

reference_url	https://usn.ubuntu.com/7974-1/
reference_id	USN-7974-1
reference_type
scores
url	https://usn.ubuntu.com/7974-1/

fixed_packages

url	pkg:deb/debian/libxml2@2.15.1%2Bdfsg-2
purl	pkg:deb/debian/libxml2@2.15.1%2Bdfsg-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.1%252Bdfsg-2

aliases CVE-2026-0992

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d1ar-1945-sygd

url VCID-d68t-f8j1-h3am

vulnerability_id VCID-d68t-f8j1-h3am

summary

Use After Free
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25062.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25062

reference_id

reference_type

scores

value	0.00165
scoring_system	epss
scoring_elements	0.37287
published_at	2026-04-24T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37574
published_at	2026-04-12T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37547
published_at	2026-04-13T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37591
published_at	2026-04-16T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37572
published_at	2026-04-18T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37508
published_at	2026-04-21T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37627
published_at	2026-04-02T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37651
published_at	2026-04-04T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37529
published_at	2026-04-07T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37581
published_at	2026-04-08T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37594
published_at	2026-04-09T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37608
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/604

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T17:35:33Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/604

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234
reference_id	1063234
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2262726
reference_id	2262726
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2262726

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url	https://access.redhat.com/errata/RHSA-2024:2679
reference_id	RHSA-2024:2679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2679

reference_url	https://access.redhat.com/errata/RHSA-2024:3299
reference_id	RHSA-2024:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3299

reference_url	https://access.redhat.com/errata/RHSA-2024:3303
reference_id	RHSA-2024:3303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3303

reference_url	https://access.redhat.com/errata/RHSA-2024:3625
reference_id	RHSA-2024:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3625

reference_url	https://access.redhat.com/errata/RHSA-2024:3626
reference_id	RHSA-2024:3626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3626

reference_url

reference_id

tags

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T17:35:33Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32414.json

reference_url	https://usn.ubuntu.com/6658-1/
reference_id	USN-6658-1
reference_type
scores
url	https://usn.ubuntu.com/6658-1/

reference_url	https://usn.ubuntu.com/6658-2/
reference_id	USN-6658-2
reference_type
scores
url	https://usn.ubuntu.com/6658-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2024-25062

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d68t-f8j1-h3am

url VCID-drkd-yykc-ayge

vulnerability_id VCID-drkd-yykc-ayge

summary libxml2: Out-of-Bounds Read in libxml2

references

reference_url

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32414.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32414

reference_id

reference_type

scores

value	0.00178
scoring_system	epss
scoring_elements	0.3946
published_at	2026-04-02T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39169
published_at	2026-04-24T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39476
published_at	2026-04-16T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39447
published_at	2026-04-18T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39361
published_at	2026-04-21T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39483
published_at	2026-04-04T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39397
published_at	2026-04-07T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39453
published_at	2026-04-08T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39468
published_at	2026-04-09T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39479
published_at	2026-04-11T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39441
published_at	2026-04-12T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39424
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102521
reference_id	1102521
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102521

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2358121
reference_id	2358121
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2358121

reference_url	https://access.redhat.com/errata/RHSA-2025:12098
reference_id	RHSA-2025:12098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12098

reference_url	https://access.redhat.com/errata/RHSA-2025:12237
reference_id	RHSA-2025:12237
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12237

reference_url	https://access.redhat.com/errata/RHSA-2025:12239
reference_id	RHSA-2025:12239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12239

reference_url	https://access.redhat.com/errata/RHSA-2025:12240
reference_id	RHSA-2025:12240
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12240

reference_url	https://access.redhat.com/errata/RHSA-2025:12241
reference_id	RHSA-2025:12241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12241

reference_url	https://access.redhat.com/errata/RHSA-2025:13428
reference_id	RHSA-2025:13428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13428

reference_url	https://access.redhat.com/errata/RHSA-2025:13429
reference_id	RHSA-2025:13429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13429

reference_url	https://access.redhat.com/errata/RHSA-2025:13677
reference_id	RHSA-2025:13677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13677

reference_url	https://access.redhat.com/errata/RHSA-2025:13681
reference_id	RHSA-2025:13681
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13681

reference_url	https://access.redhat.com/errata/RHSA-2025:13683
reference_id	RHSA-2025:13683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13683

reference_url	https://access.redhat.com/errata/RHSA-2025:13684
reference_id	RHSA-2025:13684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13684

reference_url	https://access.redhat.com/errata/RHSA-2025:14059
reference_id	RHSA-2025:14059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14059

reference_url	https://access.redhat.com/errata/RHSA-2025:14644
reference_id	RHSA-2025:14644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14644

reference_url	https://access.redhat.com/errata/RHSA-2025:14818
reference_id	RHSA-2025:14818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14818

reference_url	https://access.redhat.com/errata/RHSA-2025:14819
reference_id	RHSA-2025:14819
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14819

reference_url	https://access.redhat.com/errata/RHSA-2025:14853
reference_id	RHSA-2025:14853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14853

reference_url	https://access.redhat.com/errata/RHSA-2025:14858
reference_id	RHSA-2025:14858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14858

reference_url	https://access.redhat.com/errata/RHSA-2025:15308
reference_id	RHSA-2025:15308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15308

reference_url	https://access.redhat.com/errata/RHSA-2025:15672
reference_id	RHSA-2025:15672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15672

reference_url	https://access.redhat.com/errata/RHSA-2025:16159
reference_id	RHSA-2025:16159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16159

reference_url	https://access.redhat.com/errata/RHSA-2025:22529
reference_id	RHSA-2025:22529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22529

reference_url	https://access.redhat.com/errata/RHSA-2025:8958
reference_id	RHSA-2025:8958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:8958

reference_url	https://access.redhat.com/errata/RHSA-2026:7519
reference_id	RHSA-2026:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7519

reference_url	https://usn.ubuntu.com/7467-1/
reference_id	USN-7467-1
reference_type
scores
url	https://usn.ubuntu.com/7467-1/

reference_url	https://usn.ubuntu.com/7467-2/
reference_id	USN-7467-2
reference_type
scores
url	https://usn.ubuntu.com/7467-2/

reference_url	https://usn.ubuntu.com/7896-1/
reference_id	USN-7896-1
reference_type
scores
url	https://usn.ubuntu.com/7896-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-32414

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drkd-yykc-ayge

url VCID-hafa-bcpu-8uaj

vulnerability_id VCID-hafa-bcpu-8uaj

summary libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27113

reference_id

reference_type

scores

value	0.00094
scoring_system	epss
scoring_elements	0.26313
published_at	2026-04-02T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26026
published_at	2026-04-24T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.2615
published_at	2026-04-16T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26126
published_at	2026-04-18T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26087
published_at	2026-04-21T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26354
published_at	2026-04-04T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26127
published_at	2026-04-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26194
published_at	2026-04-08T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26242
published_at	2026-04-09T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26249
published_at	2026-04-11T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26204
published_at	2026-04-12T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26146
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27113

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322
reference_id	1098322
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2346410
reference_id	2346410
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2346410

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/861

reference_id

861

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:33:43Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/861

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-27113

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hafa-bcpu-8uaj

url VCID-knx8-5fpz-zbgn

vulnerability_id VCID-knx8-5fpz-zbgn

summary libxml2: Unbounded RelaxNG Include Recursion Leading to Stack Overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0989.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0989.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0989

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.05094
published_at	2026-04-16T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05252
published_at	2026-04-21T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.051
published_at	2026-04-18T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05181
published_at	2026-04-11T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05165
published_at	2026-04-12T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05151
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05458
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05492
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05495
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05531
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05552
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05691
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125691
reference_id	1125691
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125691

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2429933

reference_id

2429933

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:12Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2429933

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/998

reference_id

998

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:12Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/998

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2026-0989

reference_id

CVE-2026-0989

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:12Z/

url

https://access.redhat.com/security/cve/CVE-2026-0989

reference_url

reference_id

RHSA-2026:7519

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-15T16:31:12Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1757.json

reference_url	https://usn.ubuntu.com/7974-1/
reference_id	USN-7974-1
reference_type
scores
url	https://usn.ubuntu.com/7974-1/

fixed_packages

url	pkg:deb/debian/libxml2@2.15.1%2Bdfsg-2
purl	pkg:deb/debian/libxml2@2.15.1%2Bdfsg-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.1%252Bdfsg-2

aliases CVE-2026-0989

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-knx8-5fpz-zbgn

url VCID-nj3a-zqw9-6bga

vulnerability_id VCID-nj3a-zqw9-6bga

summary libxml2: Memory Leak Leading to Local Denial of Service in xmllint Interactive Shell

references

reference_url

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1757.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1757

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00443
published_at	2026-04-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00454
published_at	2026-04-02T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00442
published_at	2026-04-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00496
published_at	2026-04-13T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00494
published_at	2026-04-12T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00492
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00497
published_at	2026-04-18T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00528
published_at	2026-04-21T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00451
published_at	2026-04-04T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.0044
published_at	2026-04-08T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00937
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1757

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009

reference_id

1009

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:35:15Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2435940

reference_id

2435940

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:35:15Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2435940

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id	cpe:/a:redhat:hummingbird:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2026-1757

reference_id

CVE-2026-1757

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:35:15Z/

url

https://access.redhat.com/security/cve/CVE-2026-1757

reference_url

reference_id

RHSA-2026:7519

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T17:35:15Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json

fixed_packages

url	pkg:deb/debian/libxml2@2.15.1%2Bdfsg-2
purl	pkg:deb/debian/libxml2@2.15.1%2Bdfsg-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.1%252Bdfsg-2

aliases CVE-2026-1757

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nj3a-zqw9-6bga

url VCID-nuh8-qd25-ykan

vulnerability_id VCID-nuh8-qd25-ykan

summary libxml2: Incorrect server side include parsing can lead to XSS

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3709

reference_id

reference_type

scores

value	0.00139
scoring_system	epss
scoring_elements	0.33794
published_at	2026-04-01T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34132
published_at	2026-04-02T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34164
published_at	2026-04-04T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34024
published_at	2026-04-07T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34067
published_at	2026-04-08T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45539
published_at	2026-04-18T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45405
published_at	2026-04-24T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45499
published_at	2026-04-09T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45519
published_at	2026-04-11T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45489
published_at	2026-04-21T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45494
published_at	2026-04-13T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45542
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2112766
reference_id	2112766
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2112766

reference_url	https://access.redhat.com/errata/RHSA-2022:7715
reference_id	RHSA-2022:7715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7715

reference_url	https://access.redhat.com/errata/RHSA-2023:4767
reference_id	RHSA-2023:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4767

reference_url	https://usn.ubuntu.com/5548-1/
reference_id	USN-5548-1
reference_type
scores
url	https://usn.ubuntu.com/5548-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2016-3709

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nuh8-qd25-ykan

url VCID-pdv9-xrh8-d3fz

vulnerability_id VCID-pdv9-xrh8-d3fz

summary

Use After Free
This advisory has been marked as False Positive and removed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45322.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45322.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45322

reference_id

reference_type

scores

value	0.0007
scoring_system	epss
scoring_elements	0.2135
published_at	2026-04-24T12:55:00Z

value	0.0007
scoring_system	epss
scoring_elements	0.21497
published_at	2026-04-21T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22953
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.229
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22843
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22857
published_at	2026-04-16T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22851
published_at	2026-04-18T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22997
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22789
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22864
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22916
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22937
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45322

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/583

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/583

reference_url

http://www.openwall.com/lists/oss-security/2023/10/06/5

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/

url

http://www.openwall.com/lists/oss-security/2023/10/06/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629
reference_id	1053629
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2242945
reference_id	2242945
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2242945

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-45322
reference_id	CVE-2023-45322
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-45322

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2023-45322

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdv9-xrh8-d3fz

url VCID-qh44-gavt-rbdw

vulnerability_id VCID-qh44-gavt-rbdw

summary libxml: use-after-free in xmlXIncludeAddNode

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49043.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49043.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-49043

reference_id

reference_type

scores

value	0.00222
scoring_system	epss
scoring_elements	0.448
published_at	2026-04-02T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44698
published_at	2026-04-24T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44802
published_at	2026-04-12T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44803
published_at	2026-04-13T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44857
published_at	2026-04-16T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.4485
published_at	2026-04-18T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44785
published_at	2026-04-21T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44821
published_at	2026-04-04T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44761
published_at	2026-04-07T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44813
published_at	2026-04-08T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44816
published_at	2026-04-09T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44832
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-49043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238
reference_id	1094238
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238

reference_url

https://github.com/php/php-src/issues/17467

reference_id

17467

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-27T14:52:22Z/

url

https://github.com/php/php-src/issues/17467

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2342118
reference_id	2342118
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2342118

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b

reference_id

5a19e21605398cef6a8b1452477a8705cb41562b

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-27T14:52:22Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b

reference_url	https://access.redhat.com/errata/RHSA-2025:1350
reference_id	RHSA-2025:1350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1350

reference_url	https://access.redhat.com/errata/RHSA-2025:1487
reference_id	RHSA-2025:1487
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1487

reference_url	https://access.redhat.com/errata/RHSA-2025:1516
reference_id	RHSA-2025:1516
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1516

reference_url	https://access.redhat.com/errata/RHSA-2025:1517
reference_id	RHSA-2025:1517
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1517

reference_url	https://access.redhat.com/errata/RHSA-2025:1925
reference_id	RHSA-2025:1925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1925

reference_url	https://access.redhat.com/errata/RHSA-2025:2507
reference_id	RHSA-2025:2507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2507

reference_url	https://access.redhat.com/errata/RHSA-2025:2678
reference_id	RHSA-2025:2678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2678

reference_url	https://access.redhat.com/errata/RHSA-2025:3775
reference_id	RHSA-2025:3775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3775

reference_url	https://access.redhat.com/errata/RHSA-2025:4409
reference_id	RHSA-2025:4409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4409

reference_url	https://access.redhat.com/errata/RHSA-2025:4422
reference_id	RHSA-2025:4422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4422

reference_url	https://access.redhat.com/errata/RHSA-2025:4677
reference_id	RHSA-2025:4677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4677

reference_url	https://access.redhat.com/errata/RHSA-2025:7702
reference_id	RHSA-2025:7702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7702

reference_url	https://usn.ubuntu.com/7240-1/
reference_id	USN-7240-1
reference_type
scores
url	https://usn.ubuntu.com/7240-1/

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2022-49043

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qh44-gavt-rbdw

url VCID-qp6y-dt1j-97df

vulnerability_id VCID-qp6y-dt1j-97df

summary libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32415

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21953
published_at	2026-04-02T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21642
published_at	2026-04-24T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.2182
published_at	2026-04-16T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21826
published_at	2026-04-18T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.2179
published_at	2026-04-21T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.22006
published_at	2026-04-04T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21771
published_at	2026-04-07T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21848
published_at	2026-04-08T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21904
published_at	2026-04-09T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21915
published_at	2026-04-11T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21874
published_at	2026-04-12T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21817
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511
reference_id	1103511
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2360768
reference_id	2360768
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2360768

reference_url	https://access.redhat.com/errata/RHSA-2025:13203
reference_id	RHSA-2025:13203
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13203

reference_url	https://access.redhat.com/errata/RHSA-2025:13428
reference_id	RHSA-2025:13428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13428

reference_url	https://access.redhat.com/errata/RHSA-2025:13429
reference_id	RHSA-2025:13429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13429

reference_url	https://access.redhat.com/errata/RHSA-2025:13622
reference_id	RHSA-2025:13622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13622

reference_url	https://access.redhat.com/errata/RHSA-2025:13677
reference_id	RHSA-2025:13677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13677

reference_url	https://access.redhat.com/errata/RHSA-2025:13681
reference_id	RHSA-2025:13681
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13681

reference_url	https://access.redhat.com/errata/RHSA-2025:13683
reference_id	RHSA-2025:13683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13683

reference_url	https://access.redhat.com/errata/RHSA-2025:13684
reference_id	RHSA-2025:13684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13684

reference_url	https://access.redhat.com/errata/RHSA-2025:13688
reference_id	RHSA-2025:13688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13688

reference_url	https://access.redhat.com/errata/RHSA-2025:13689
reference_id	RHSA-2025:13689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13689

reference_url	https://access.redhat.com/errata/RHSA-2025:13788
reference_id	RHSA-2025:13788
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13788

reference_url	https://access.redhat.com/errata/RHSA-2025:13789
reference_id	RHSA-2025:13789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13789

reference_url	https://access.redhat.com/errata/RHSA-2025:13806
reference_id	RHSA-2025:13806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13806

reference_url	https://access.redhat.com/errata/RHSA-2025:14059
reference_id	RHSA-2025:14059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14059

reference_url	https://access.redhat.com/errata/RHSA-2025:14186
reference_id	RHSA-2025:14186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14186

reference_url	https://access.redhat.com/errata/RHSA-2025:14644
reference_id	RHSA-2025:14644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14644

reference_url	https://access.redhat.com/errata/RHSA-2025:14818
reference_id	RHSA-2025:14818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14818

reference_url	https://access.redhat.com/errata/RHSA-2025:14819
reference_id	RHSA-2025:14819
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14819

reference_url	https://access.redhat.com/errata/RHSA-2025:14853
reference_id	RHSA-2025:14853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14853

reference_url	https://access.redhat.com/errata/RHSA-2025:14858
reference_id	RHSA-2025:14858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14858

reference_url	https://access.redhat.com/errata/RHSA-2025:15308
reference_id	RHSA-2025:15308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15308

reference_url	https://access.redhat.com/errata/RHSA-2025:15672
reference_id	RHSA-2025:15672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15672

reference_url	https://access.redhat.com/errata/RHSA-2025:16159
reference_id	RHSA-2025:16159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16159

reference_url	https://access.redhat.com/errata/RHSA-2025:22529
reference_id	RHSA-2025:22529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22529

reference_url	https://access.redhat.com/errata/RHSA-2026:7519
reference_id	RHSA-2026:7519
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7519

reference_url	https://usn.ubuntu.com/7467-1/
reference_id	USN-7467-1
reference_type
scores
url	https://usn.ubuntu.com/7467-1/

reference_url	https://usn.ubuntu.com/7467-2/
reference_id	USN-7467-2
reference_type
scores
url	https://usn.ubuntu.com/7467-2/

reference_url	https://usn.ubuntu.com/7896-1/
reference_id	USN-7896-1
reference_type
scores
url	https://usn.ubuntu.com/7896-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-32415

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qp6y-dt1j-97df

Fixing_vulnerabilities

url VCID-782a-uast-nbch

vulnerability_id VCID-782a-uast-nbch

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20388

reference_id

reference_type

scores

value	0.00614
scoring_system	epss
scoring_elements	0.69863
published_at	2026-04-13T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69946
published_at	2026-04-24T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69895
published_at	2026-04-21T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69913
published_at	2026-04-18T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69904
published_at	2026-04-16T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69805
published_at	2026-04-07T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69853
published_at	2026-04-08T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69869
published_at	2026-04-09T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69892
published_at	2026-04-11T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69877
published_at	2026-04-12T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70272
published_at	2026-04-04T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70255
published_at	2026-04-02T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70243
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20388

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1799734
reference_id	1799734
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1799734

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_id

545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_id

5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url

https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583
reference_id	949583
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583

reference_url	https://security.archlinux.org/ASA-202011-15
reference_id	ASA-202011-15
reference_type
scores
url	https://security.archlinux.org/ASA-202011-15

reference_url

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-20388
reference_id	CVE-2019-20388
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-20388

reference_url

reference_id

JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3996
reference_id	RHSA-2020:3996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3996

reference_url	https://access.redhat.com/errata/RHSA-2020:4479
reference_id	RHSA-2020:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4479

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2019-20388

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-782a-uast-nbch

url VCID-7bpp-2hvk-2udv

vulnerability_id VCID-7bpp-2hvk-2udv

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-24977

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.66048
published_at	2026-04-09T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.65987
published_at	2026-04-07T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66036
published_at	2026-04-08T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66067
published_at	2026-04-11T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66054
published_at	2026-04-12T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66024
published_at	2026-04-13T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.6658
published_at	2026-04-01T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66645
published_at	2026-04-04T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66619
published_at	2026-04-02T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67656
published_at	2026-04-16T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67668
published_at	2026-04-18T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67647
published_at	2026-04-21T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67667
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-24977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

reference_url	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/

reference_url	https://security.netapp.com/advisory/ntap-20200924-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200924-0001/

reference_url	https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1877788
reference_id	1877788
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1877788

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529
reference_id	969529
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529

reference_url	https://security.archlinux.org/ASA-202011-15
reference_id	ASA-202011-15
reference_type
scores
url	https://security.archlinux.org/ASA-202011-15

reference_url

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-24977
reference_id	CVE-2020-24977
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-24977

reference_url	https://security.gentoo.org/glsa/202107-05
reference_id	GLSA-202107-05
reference_type
scores
url	https://security.gentoo.org/glsa/202107-05

reference_url	https://access.redhat.com/errata/RHSA-2021:1597
reference_id	RHSA-2021:1597
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1597

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2020-24977

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bpp-2hvk-2udv

url VCID-9hqf-12yh-bkc8

vulnerability_id VCID-9hqf-12yh-bkc8

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3518

reference_id

reference_type

scores

value	0.0025
scoring_system	epss
scoring_elements	0.48383
published_at	2026-04-24T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48443
published_at	2026-04-18T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48448
published_at	2026-04-16T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48398
published_at	2026-04-21T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48386
published_at	2026-04-12T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48412
published_at	2026-04-11T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48394
published_at	2026-04-08T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48339
published_at	2026-04-07T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48388
published_at	2026-04-09T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49118
published_at	2026-04-04T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.4909
published_at	2026-04-02T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49056
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3518

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1954242

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1954242

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518

reference_url

http://seclists.org/fulldisclosure/2021/Jul/54

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/54

reference_url

http://seclists.org/fulldisclosure/2021/Jul/55

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/55

reference_url

http://seclists.org/fulldisclosure/2021/Jul/58

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/58

reference_url

http://seclists.org/fulldisclosure/2021/Jul/59

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/59

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3518

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3518

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_url	https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210625-0002/

reference_url

https://support.apple.com/kb/HT212601

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212601

reference_url

https://support.apple.com/kb/HT212602

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212602

reference_url

https://support.apple.com/kb/HT212604

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212604

reference_url

https://support.apple.com/kb/HT212605

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212605

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737
reference_id	987737
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-v4f8-2847-rwm7

reference_url

reference_id

GHSA-v4f8-2847-rwm7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v4f8-2847-rwm7

reference_url

reference_id

GLSA-202107-05

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3518, GHSA-v4f8-2847-rwm7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hqf-12yh-bkc8

url VCID-azzy-m5pc-qudn

vulnerability_id VCID-azzy-m5pc-qudn

summary

Loop with Unreachable Exit Condition ('Infinite Loop')
parser.c in libxml2 does not prevent infinite recursion in parameter entities.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16932

reference_id

reference_type

scores

value	0.21989
scoring_system	epss
scoring_elements	0.95747
published_at	2026-04-02T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95755
published_at	2026-04-04T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95757
published_at	2026-04-07T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.9579
published_at	2026-04-21T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95788
published_at	2026-04-18T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95784
published_at	2026-04-16T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95766
published_at	2026-04-08T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95774
published_at	2026-04-13T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95772
published_at	2026-04-12T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95769
published_at	2026-04-09T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95773
published_at	2026-04-11T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95738
published_at	2026-04-01T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95792
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16932

reference_url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=759579

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=759579

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

http://xmlsoft.org/news.html

reference_url	https://usn.ubuntu.com/usn/usn-3504-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/usn/usn-3504-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1517316
reference_id	1517316
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1517316

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613
reference_id	882613
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16932

reference_id

CVE-2017-16932

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16932

reference_url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html
reference_id	CVE-2017-16932.HTML
reference_type
scores
url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html

reference_url

https://github.com/advisories/GHSA-x2fm-93ww-ggvx

reference_id

GHSA-x2fm-93ww-ggvx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x2fm-93ww-ggvx

reference_url	https://usn.ubuntu.com/3504-1/
reference_id	USN-3504-1
reference_type
scores
url	https://usn.ubuntu.com/3504-1/

reference_url	https://usn.ubuntu.com/3504-2/
reference_id	USN-3504-2
reference_type
scores
url	https://usn.ubuntu.com/3504-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2017-16932, GHSA-x2fm-93ww-ggvx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azzy-m5pc-qudn

url VCID-bejh-22y7-kuh6

vulnerability_id VCID-bejh-22y7-kuh6

summary

NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:1543

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://access.redhat.com/errata/RHSA-2019:1543

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14404

reference_id

reference_type

scores

value	0.18492
scoring_system	epss
scoring_elements	0.95218
published_at	2026-04-02T12:55:00Z

value	0.18492
scoring_system	epss
scoring_elements	0.95206
published_at	2026-04-01T12:55:00Z

value	0.18492
scoring_system	epss
scoring_elements	0.9522
published_at	2026-04-04T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95468
published_at	2026-04-12T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95469
published_at	2026-04-13T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95488
published_at	2026-04-24T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95486
published_at	2026-04-21T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95454
published_at	2026-04-07T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95461
published_at	2026-04-08T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95464
published_at	2026-04-09T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95483
published_at	2026-04-18T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95478
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14404

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1595985

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1595985

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1785

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1785

reference_url

https://gitlab.gnome.org/GNOME/libxml2/issues/10

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://gitlab.gnome.org/GNOME/libxml2/issues/10

reference_url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20190719-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190719-0002

reference_url

https://security.netapp.com/advisory/ntap-20190719-0002/

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://security.netapp.com/advisory/ntap-20190719-0002/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://usn.ubuntu.com/3739-2

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3739-2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14404

reference_id

CVE-2018-14404

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14404

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml

reference_id

CVE-2018-14404.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml

reference_url

https://github.com/advisories/GHSA-6qvp-r6r3-9p7h

reference_id

GHSA-6qvp-r6r3-9p7h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6qvp-r6r3-9p7h

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

reference_url	https://access.redhat.com/errata/RHSA-2020:1827
reference_id	RHSA-2020:1827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1827

reference_url

reference_id

USN-3739-2

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2018-14404, GHSA-6qvp-r6r3-9p7h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bejh-22y7-kuh6

url VCID-cbm2-cez4-bqgh

vulnerability_id VCID-cbm2-cez4-bqgh

summary

Use After Free
`valid.c` in libxml2 before 2.9.13 has a use-after-free of `ID` and `IDREF` attributes.

references

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23308

reference_id

reference_type

scores

value	0.0005
scoring_system	epss
scoring_elements	0.15547
published_at	2026-04-24T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15524
published_at	2026-04-13T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.1545
published_at	2026-04-16T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15456
published_at	2026-04-18T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.1551
published_at	2026-04-21T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15515
published_at	2026-04-07T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15601
published_at	2026-04-08T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15656
published_at	2026-04-09T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15623
published_at	2026-04-11T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15588
published_at	2026-04-12T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16267
published_at	2026-04-02T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16327
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23308

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
reference_id
reference_type
scores
url	https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e

reference_url	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489
reference_id	1006489
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2056913
reference_id	2056913
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2056913

reference_url

reference_id

AVG-2726

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-23308
reference_id	CVE-2022-23308
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-23308

reference_url	https://security.gentoo.org/glsa/202210-03
reference_id	GLSA-202210-03
reference_type
scores
url	https://security.gentoo.org/glsa/202210-03

reference_url	https://access.redhat.com/errata/RHSA-2022:0899
reference_id	RHSA-2022:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0899

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/5324-1/
reference_id	USN-5324-1
reference_type
scores
url	https://usn.ubuntu.com/5324-1/

reference_url	https://usn.ubuntu.com/5422-1/
reference_id	USN-5422-1
reference_type
scores
url	https://usn.ubuntu.com/5422-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-23308

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbm2-cez4-bqgh

url VCID-eb6k-ppfd-m7a3

vulnerability_id VCID-eb6k-ppfd-m7a3

summary Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40304

reference_id

reference_type

scores

value	0.00161
scoring_system	epss
scoring_elements	0.37101
published_at	2026-04-02T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44548
published_at	2026-04-04T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44559
published_at	2026-04-11T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44426
published_at	2026-04-24T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44542
published_at	2026-04-09T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44487
published_at	2026-04-07T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44537
published_at	2026-04-08T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44508
published_at	2026-04-21T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44578
published_at	2026-04-18T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44586
published_at	2026-04-16T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.4453
published_at	2026-04-13T12:55:00Z

value	0.00219
scoring_system	epss
scoring_elements	0.44529
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40304

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

reference_url	https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1139-2022-10-18

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225
reference_id	1022225
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2136288
reference_id	2136288
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2136288

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-40304
reference_id	CVE-2022-40304
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-40304

reference_url	https://security.gentoo.org/glsa/202210-39
reference_id	GLSA-202210-39
reference_type
scores
url	https://security.gentoo.org/glsa/202210-39

reference_url

reference_id

HT213531

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

reference_url

reference_id

HT213533

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

reference_url

reference_id

HT213534

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

reference_url

reference_id

HT213535

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

reference_url

reference_id

HT213536

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

https://security.netapp.com/advisory/ntap-20221209-0003/

reference_url

reference_id

ntap-20221209-0003

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

https://security.netapp.com/advisory/ntap-20221209-0003/

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://access.redhat.com/errata/RHSA-2023:0173
reference_id	RHSA-2023:0173
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0173

reference_url	https://access.redhat.com/errata/RHSA-2023:0338
reference_id	RHSA-2023:0338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0338

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url

reference_id

tags

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json

reference_url	https://usn.ubuntu.com/5760-1/
reference_id	USN-5760-1
reference_type
scores
url	https://usn.ubuntu.com/5760-1/

reference_url	https://usn.ubuntu.com/5760-2/
reference_id	USN-5760-2
reference_type
scores
url	https://usn.ubuntu.com/5760-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-40304

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eb6k-ppfd-m7a3

url VCID-ek5d-m9pn-3fec

vulnerability_id VCID-ek5d-m9pn-3fec

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3517

reference_id

reference_type

scores

value	0.00107
scoring_system	epss
scoring_elements	0.28889
published_at	2026-04-08T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28789
published_at	2026-04-21T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28839
published_at	2026-04-18T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28862
published_at	2026-04-16T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2884
published_at	2026-04-13T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28891
published_at	2026-04-12T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28821
published_at	2026-04-07T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28678
published_at	2026-04-24T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2893
published_at	2026-04-09T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28934
published_at	2026-04-11T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29474
published_at	2026-04-04T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29358
published_at	2026-04-01T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29427
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3517

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1954232

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1954232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579

reference_url

https://github.com/sparklemotion/nokogiri/issues/2233

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/2233

reference_url

https://github.com/sparklemotion/nokogiri/issues/2274

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/2274

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e

reference_url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3517

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3517

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002/

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://security.netapp.com/advisory/ntap-20210625-0002/

reference_url

https://security.netapp.com/advisory/ntap-20211022-0004

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20211022-0004

reference_url

https://security.netapp.com/advisory/ntap-20211022-0004/

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://security.netapp.com/advisory/ntap-20211022-0004/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738
reference_id	987738
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

reference_id

BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://github.com/advisories/GHSA-jw9f-hh49-cvp9

reference_id

GHSA-jw9f-hh49-cvp9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jw9f-hh49-cvp9

reference_url

reference_id

GLSA-202107-05

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

reference_id

QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3517, GHSA-jw9f-hh49-cvp9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek5d-m9pn-3fec

url VCID-qpnt-xvgv-s3cq

vulnerability_id VCID-qpnt-xvgv-s3cq

summary This advisory has been invalidated.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28484

reference_id

reference_type

scores

value	0.00249
scoring_system	epss
scoring_elements	0.48181
published_at	2026-04-24T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48186
published_at	2026-04-12T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48197
published_at	2026-04-13T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48249
published_at	2026-04-16T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48244
published_at	2026-04-18T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48199
published_at	2026-04-21T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4913
published_at	2026-04-07T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49179
published_at	2026-04-04T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49184
published_at	2026-04-08T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4915
published_at	2026-04-02T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49199
published_at	2026-04-11T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49181
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/491

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/491

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436
reference_id	1034436
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2185994
reference_id	2185994
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2185994

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-28484
reference_id	CVE-2023-28484
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-28484

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_id

ntap-20230601-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_id

ntap-20240201-0005

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_url	https://access.redhat.com/errata/RHSA-2023:4349
reference_id	RHSA-2023:4349
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4349

reference_url	https://access.redhat.com/errata/RHSA-2023:4529
reference_id	RHSA-2023:4529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4529

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/6028-1/
reference_id	USN-6028-1
reference_type
scores
url	https://usn.ubuntu.com/6028-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2023-28484

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpnt-xvgv-s3cq

url VCID-qtp3-a1g7-8kgw

vulnerability_id VCID-qtp3-a1g7-8kgw

summary

Improper Restriction of XML External Entity Reference
libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9318

reference_id

reference_type

scores

value	0.00121
scoring_system	epss
scoring_elements	0.30847
published_at	2026-04-24T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31068
published_at	2026-04-12T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31023
published_at	2026-04-13T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31055
published_at	2026-04-16T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31036
published_at	2026-04-18T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31004
published_at	2026-04-21T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32866
published_at	2026-04-02T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32735
published_at	2026-04-01T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32769
published_at	2026-04-08T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32722
published_at	2026-04-07T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32901
published_at	2026-04-04T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38972
published_at	2026-04-11T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.3896
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9318

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395609
reference_id	1395609
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395609

reference_url

https://github.com/lsh123/xmlsec/issues/43

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

https://github.com/lsh123/xmlsec/issues/43

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581
reference_id	844581
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581

reference_url

http://www.securityfocus.com/bid/94347

reference_id

94347

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

http://www.securityfocus.com/bid/94347

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-9318
reference_id	CVE-2016-9318
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-9318

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=772726

reference_id

show_bug.cgi?id=772726

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=772726

reference_url

reference_id

USN-3739-2

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2016-9318

risk_score 3.0

exploitability 0.5

weighted_severity 6.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtp3-a1g7-8kgw

url VCID-qv3r-ppuc-zycz

vulnerability_id VCID-qv3r-ppuc-zycz

summary

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7595

reference_id

reference_type

scores

value	0.00473
scoring_system	epss
scoring_elements	0.6475
published_at	2026-04-16T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64712
published_at	2026-04-13T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.6474
published_at	2026-04-12T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64751
published_at	2026-04-11T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64734
published_at	2026-04-09T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.6472
published_at	2026-04-08T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64672
published_at	2026-04-07T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.6476
published_at	2026-04-18T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64747
published_at	2026-04-21T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64765
published_at	2026-04-24T12:55:00Z

value	0.00487
scoring_system	epss
scoring_elements	0.65401
published_at	2026-04-04T12:55:00Z

value	0.00487
scoring_system	epss
scoring_elements	0.65375
published_at	2026-04-02T12:55:00Z

value	0.00487
scoring_system	epss
scoring_elements	0.65326
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7595

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1992

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1992

reference_url

https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7595

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7595

reference_url

https://security.gentoo.org/glsa/202010-04

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://security.gentoo.org/glsa/202010-04

reference_url

https://security.netapp.com/advisory/ntap-20200702-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200702-0005

reference_url

https://security.netapp.com/advisory/ntap-20200702-0005/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://security.netapp.com/advisory/ntap-20200702-0005/

reference_url

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

reference_url

https://usn.ubuntu.com/4274-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4274-1

reference_url

https://usn.ubuntu.com/4274-1/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://usn.ubuntu.com/4274-1/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1799786
reference_id	1799786
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1799786

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_id

545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_id

5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582
reference_id	949582
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582

reference_url	https://security.archlinux.org/ASA-202011-15
reference_id	ASA-202011-15
reference_type
scores
url	https://security.archlinux.org/ASA-202011-15

reference_url

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-7553-jr98-vx47

reference_url

reference_id

GHSA-7553-jr98-vx47

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7553-jr98-vx47

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_id

JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3996
reference_id	RHSA-2020:3996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3996

reference_url	https://access.redhat.com/errata/RHSA-2020:4479
reference_id	RHSA-2020:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4479

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2020-7595, GHSA-7553-jr98-vx47

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qv3r-ppuc-zycz

url VCID-rsvx-3f49-v3an

vulnerability_id VCID-rsvx-3f49-v3an

summary

Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)
A flaw was found in libxml2. By exploiting an exponential entity expansion attack its possible bypassing all existing protection mechanisms and lead to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3541

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.18918
published_at	2026-04-01T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18738
published_at	2026-04-24T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18834
published_at	2026-04-18T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18849
published_at	2026-04-21T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19054
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19106
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18828
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18907
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18962
published_at	2026-04-09T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18968
published_at	2026-04-11T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18921
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1887
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18822
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3541

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1950515
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1950515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://security.netapp.com/advisory/ntap-20210805-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210805-0007/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603
reference_id	988603
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-3541
reference_id	CVE-2021-3541
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-3541

reference_url	https://security.gentoo.org/glsa/202107-05
reference_id	GLSA-202107-05
reference_type
scores
url	https://security.gentoo.org/glsa/202107-05

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3541

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rsvx-3f49-v3an

url VCID-s9r4-a3uz-4yhp

vulnerability_id VCID-s9r4-a3uz-4yhp

summary

Integer Overflow or Wraparound
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

references

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29824

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22274
published_at	2026-04-24T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22466
published_at	2026-04-13T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22481
published_at	2026-04-16T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22478
published_at	2026-04-18T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22427
published_at	2026-04-21T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22407
published_at	2026-04-07T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22489
published_at	2026-04-08T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22543
published_at	2026-04-09T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22562
published_at	2026-04-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22521
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22976
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.2302
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29824

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14

reference_url	https://gitlab.gnome.org/GNOME/libxslt/-/tags
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxslt/-/tags

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526
reference_id	1010526
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2082158
reference_id	2082158
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2082158

reference_url

reference_id

AVG-2726

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-29824
reference_id	CVE-2022-29824
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-29824

reference_url	https://security.gentoo.org/glsa/202210-03
reference_id	GLSA-202210-03
reference_type
scores
url	https://security.gentoo.org/glsa/202210-03

reference_url	https://access.redhat.com/errata/RHSA-2022:5250
reference_id	RHSA-2022:5250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5250

reference_url	https://access.redhat.com/errata/RHSA-2022:5317
reference_id	RHSA-2022:5317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5317

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5422-1/
reference_id	USN-5422-1
reference_type
scores
url	https://usn.ubuntu.com/5422-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-29824

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9r4-a3uz-4yhp

url VCID-t53m-6vvr-27cf

vulnerability_id VCID-t53m-6vvr-27cf

summary

Loop with Unreachable Exit Condition ('Infinite Loop')
libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

references

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14567

reference_id

reference_type

scores

value	0.00677
scoring_system	epss
scoring_elements	0.71451
published_at	2026-04-01T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71459
published_at	2026-04-02T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71476
published_at	2026-04-04T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71449
published_at	2026-04-07T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71489
published_at	2026-04-08T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71501
published_at	2026-04-09T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71524
published_at	2026-04-11T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71508
published_at	2026-04-12T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.7149
published_at	2026-04-13T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71536
published_at	2026-04-16T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71541
published_at	2026-04-18T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.7152
published_at	2026-04-21T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71571
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14567

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1619875
reference_id	1619875
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1619875

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-14567
reference_id	CVE-2018-14567
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-14567

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2018-14567

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t53m-6vvr-27cf

url VCID-udew-3gre-13hy

vulnerability_id VCID-udew-3gre-13hy

summary Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40303

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39746
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39471
published_at	2026-04-24T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39768
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39687
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39741
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39755
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39765
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39729
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39712
published_at	2026-04-13T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39762
published_at	2026-04-16T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39734
published_at	2026-04-18T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.3965
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

reference_url	https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1139-2022-10-18

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224
reference_id	1022224
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2136266
reference_id	2136266
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2136266

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-40303
reference_id	CVE-2022-40303
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-40303

reference_url	https://security.gentoo.org/glsa/202210-39
reference_id	GLSA-202210-39
reference_type
scores
url	https://security.gentoo.org/glsa/202210-39

reference_url

reference_id

HT213531

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

reference_url

reference_id

HT213533

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

reference_url

reference_id

HT213534

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

reference_url

reference_id

HT213535

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

reference_url

reference_id

HT213536

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://security.netapp.com/advisory/ntap-20221209-0003/

reference_url

reference_id

ntap-20221209-0003

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://security.netapp.com/advisory/ntap-20221209-0003/

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://access.redhat.com/errata/RHSA-2023:0173
reference_id	RHSA-2023:0173
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0173

reference_url	https://access.redhat.com/errata/RHSA-2023:0338
reference_id	RHSA-2023:0338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0338

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/5760-1/
reference_id	USN-5760-1
reference_type
scores
url	https://usn.ubuntu.com/5760-1/

reference_url	https://usn.ubuntu.com/5760-2/
reference_id	USN-5760-2
reference_type
scores
url	https://usn.ubuntu.com/5760-2/

reference_url	https://usn.ubuntu.com/7659-1/
reference_id	USN-7659-1
reference_type
scores
url	https://usn.ubuntu.com/7659-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-40303

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-udew-3gre-13hy

url VCID-ugyh-dycm-3bc3

vulnerability_id VCID-ugyh-dycm-3bc3

summary libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19956

reference_id

reference_type

scores

value	0.00154
scoring_system	epss
scoring_elements	0.35817
published_at	2026-04-24T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3601
published_at	2026-04-01T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36204
published_at	2026-04-02T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36231
published_at	2026-04-04T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36066
published_at	2026-04-07T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36115
published_at	2026-04-08T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36133
published_at	2026-04-09T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3614
published_at	2026-04-11T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36102
published_at	2026-04-18T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36075
published_at	2026-04-13T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36116
published_at	2026-04-16T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36048
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1788856
reference_id	1788856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1788856

reference_url

https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549

reference_id

5a02583c7e683896d84878bd90641d8d9b0d0549

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_id

5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-19956
reference_id	CVE-2019-19956
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-19956

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_id

JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

reference_id

msg00005.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

reference_url

https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

reference_id

msg00032.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

reference_url

https://security.netapp.com/advisory/ntap-20200114-0002/

reference_id

ntap-20200114-0002

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://security.netapp.com/advisory/ntap-20200114-0002/

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3996
reference_id	RHSA-2020:3996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3996

reference_url	https://access.redhat.com/errata/RHSA-2020:4479
reference_id	RHSA-2020:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4479

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2019-19956

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugyh-dycm-3bc3

url VCID-vf7b-s3y3-sfhw

vulnerability_id VCID-vf7b-s3y3-sfhw

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3537

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.29532
published_at	2026-04-13T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29584
published_at	2026-04-12T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29365
published_at	2026-04-24T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29478
published_at	2026-04-21T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29524
published_at	2026-04-18T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29551
published_at	2026-04-16T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34266
published_at	2026-04-02T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.33927
published_at	2026-04-01T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34299
published_at	2026-04-04T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36309
published_at	2026-04-08T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36337
published_at	2026-04-11T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36331
published_at	2026-04-09T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.3626
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3537

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1956522

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1956522

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3537

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3537

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_url	https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210625-0002/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123
reference_id	988123
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-286v-pcf5-25rc

reference_url

reference_id

GHSA-286v-pcf5-25rc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-286v-pcf5-25rc

reference_url

reference_id

GLSA-202107-05

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3537, GHSA-286v-pcf5-25rc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vf7b-s3y3-sfhw

url VCID-wc4g-sxyq-ubcd

vulnerability_id VCID-wc4g-sxyq-ubcd

summary

Allocation of Resources Without Limits or Throttling
The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

references

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18258

reference_id

reference_type

scores

value	0.0079
scoring_system	epss
scoring_elements	0.73949
published_at	2026-04-24T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73922
published_at	2026-04-18T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73833
published_at	2026-04-02T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73914
published_at	2026-04-21T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73872
published_at	2026-04-13T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.7388
published_at	2026-04-12T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73898
published_at	2026-04-11T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73876
published_at	2026-04-09T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73863
published_at	2026-04-08T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73829
published_at	2026-04-07T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73858
published_at	2026-04-04T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73824
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18258

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

reference_url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20190719-0001

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190719-0001

reference_url	https://security.netapp.com/advisory/ntap-20190719-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190719-0001/

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.archlinux.org/AVG-671

reference_url	https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3739-1/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1566749
reference_id	1566749
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1566749

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245
reference_id	895245
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245

reference_url

reference_id

AVG-671

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-671

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-18258

reference_id

CVE-2017-18258

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-18258

reference_url

https://github.com/advisories/GHSA-882p-jqgm-f45g

reference_id

GHSA-882p-jqgm-f45g

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-882p-jqgm-f45g

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2017-18258, GHSA-882p-jqgm-f45g

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4g-sxyq-ubcd

url VCID-x9ej-7dcq-tub2

vulnerability_id VCID-x9ej-7dcq-tub2

summary

Double Free
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29469

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.2209
published_at	2026-04-02T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21766
published_at	2026-04-24T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2191
published_at	2026-04-07T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21991
published_at	2026-04-08T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22046
published_at	2026-04-09T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22061
published_at	2026-04-11T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2202
published_at	2026-04-12T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2196
published_at	2026-04-13T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21959
published_at	2026-04-16T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21955
published_at	2026-04-18T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21912
published_at	2026-04-21T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2214
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/510

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/510

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437
reference_id	1034437
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2185984
reference_id	2185984
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2185984

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-29469
reference_id	CVE-2023-29469
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-29469

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_id

ntap-20230601-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:4349
reference_id	RHSA-2023:4349
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4349

reference_url	https://access.redhat.com/errata/RHSA-2023:4529
reference_id	RHSA-2023:4529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4529

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/6028-1/
reference_id	USN-6028-1
reference_type
scores
url	https://usn.ubuntu.com/6028-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2023-29469

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9ej-7dcq-tub2

url VCID-xps8-1a3r-wke6

vulnerability_id VCID-xps8-1a3r-wke6

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3516

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.56988
published_at	2026-04-09T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56934
published_at	2026-04-07T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56985
published_at	2026-04-08T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56995
published_at	2026-04-11T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57651
published_at	2026-04-04T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57545
published_at	2026-04-01T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57629
published_at	2026-04-02T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58339
published_at	2026-04-21T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.583
published_at	2026-04-24T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58347
published_at	2026-04-12T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58327
published_at	2026-04-13T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.5836
published_at	2026-04-16T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58363
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3516

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/230

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1954225
reference_id	1954225
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1954225

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739
reference_id	987739
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url