Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/nokogiri@1.6.2
Typegem
Namespace
Namenokogiri
Version1.6.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.19.3
Latest_non_vulnerable_version1.19.3
Affected_by_vulnerabilities
0
url VCID-124d-zrmb-xue8
vulnerability_id VCID-124d-zrmb-xue8
summary 
Multiple vulnerabilities in libxml2, libxslt
The vendored libxml2 and libxslt libraries have multiple vulnerabilities: CVE-2015-1819 CVE-2015-7941_1 CVE-2015-7941_2 CVE-2015-7942 CVE-2015-7942-2 CVE-2015-8035 CVE-2015-7995
references
0
reference_url https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22
1
reference_url https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1663--2015-11-16
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1663--2015-11-16
2
reference_url https://github.com/sparklemotion/nokogiri/commit/ac6106f1e641d50b27752c52b355e01d03ae8829
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/commit/ac6106f1e641d50b27752c52b355e01d03ae8829
3
reference_url https://github.com/sparklemotion/nokogiri/commit/ee52b7be5b47e1029af98f6b7eb6df7fc5ffd359
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/commit/ee52b7be5b47e1029af98f6b7eb6df7fc5ffd359
4
reference_url https://groups.google.com/forum/#!topic/nokogiri-talk/gEpHWo2xLCE
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/nokogiri-talk/gEpHWo2xLCE
fixed_packages
0
url pkg:gem/nokogiri@1.6.6.3
purl pkg:gem/nokogiri@1.6.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-ba5w-ed8b-duar
8
vulnerability VCID-by7n-zrpn-jubw
9
vulnerability VCID-cgmw-k7dg-gbdw
10
vulnerability VCID-chdv-jk6d-uuga
11
vulnerability VCID-d13x-y75t-2ugx
12
vulnerability VCID-e8w6-ax3x-wqan
13
vulnerability VCID-efx2-bpu9-z7a4
14
vulnerability VCID-egft-crba-6ubx
15
vulnerability VCID-fn1n-adz5-5fcy
16
vulnerability VCID-ft4s-195a-8fcf
17
vulnerability VCID-gdgu-7d3a-uygr
18
vulnerability VCID-gwrv-agck-yuex
19
vulnerability VCID-j98t-paam-97ec
20
vulnerability VCID-jvd7-7jes-4ffn
21
vulnerability VCID-jxz3-ug52-cuhn
22
vulnerability VCID-m91c-mfu9-bbbh
23
vulnerability VCID-nuzy-ruzb-dke6
24
vulnerability VCID-p6m6-7kgc-y3g8
25
vulnerability VCID-pb6j-zdqw-g7cj
26
vulnerability VCID-pr2j-1118-hqaa
27
vulnerability VCID-q3td-7t4g-57ba
28
vulnerability VCID-qkq6-n1ds-x7e5
29
vulnerability VCID-u9b2-qx2j-c7by
30
vulnerability VCID-ueh5-fv4d-a7a8
31
vulnerability VCID-uk9u-nn9a-4yes
32
vulnerability VCID-wnj6-hc4g-ykfs
33
vulnerability VCID-yjn6-17qx-9ubc
34
vulnerability VCID-yrjg-2aw9-effx
35
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.3
1
url pkg:gem/nokogiri@1.6.7.rc4
purl pkg:gem/nokogiri@1.6.7.rc4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-by7n-zrpn-jubw
8
vulnerability VCID-chdv-jk6d-uuga
9
vulnerability VCID-d13x-y75t-2ugx
10
vulnerability VCID-e8w6-ax3x-wqan
11
vulnerability VCID-efx2-bpu9-z7a4
12
vulnerability VCID-egft-crba-6ubx
13
vulnerability VCID-fn1n-adz5-5fcy
14
vulnerability VCID-ft4s-195a-8fcf
15
vulnerability VCID-gdgu-7d3a-uygr
16
vulnerability VCID-gwrv-agck-yuex
17
vulnerability VCID-j98t-paam-97ec
18
vulnerability VCID-jvd7-7jes-4ffn
19
vulnerability VCID-jxz3-ug52-cuhn
20
vulnerability VCID-m91c-mfu9-bbbh
21
vulnerability VCID-nuzy-ruzb-dke6
22
vulnerability VCID-p6m6-7kgc-y3g8
23
vulnerability VCID-pb6j-zdqw-g7cj
24
vulnerability VCID-pr2j-1118-hqaa
25
vulnerability VCID-q3td-7t4g-57ba
26
vulnerability VCID-qkq6-n1ds-x7e5
27
vulnerability VCID-u9b2-qx2j-c7by
28
vulnerability VCID-ueh5-fv4d-a7a8
29
vulnerability VCID-uk9u-nn9a-4yes
30
vulnerability VCID-wnj6-hc4g-ykfs
31
vulnerability VCID-yjn6-17qx-9ubc
32
vulnerability VCID-yrjg-2aw9-effx
33
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4
aliases GMS-2015-42
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-124d-zrmb-xue8
1
url VCID-1sh8-bsk3-auct
vulnerability_id VCID-1sh8-bsk3-auct
summary libxml2 has a global Buffer Overflow vulnerability in `xmlEncodeEntitiesInternal` at `libxml2/entities.c`.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24977
reference_id
reference_type
scores
0
value 0.00697
scoring_system epss
scoring_elements 0.72316
published_at 2026-06-04T12:55:00Z
1
value 0.00697
scoring_system epss
scoring_elements 0.72358
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24977
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
reference_id
reference_type
scores
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
7
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
reference_id
reference_type
scores
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
8
reference_url https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
9
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
20
reference_url https://security.gentoo.org/glsa/202107-05
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202107-05
21
reference_url https://security.netapp.com/advisory/ntap-20200924-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200924-0001/
22
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
23
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1877788
reference_id 1877788
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1877788
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529
reference_id 969529
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529
25
reference_url https://security.archlinux.org/ASA-202011-15
reference_id ASA-202011-15
reference_type
scores
url https://security.archlinux.org/ASA-202011-15
26
reference_url https://security.archlinux.org/AVG-1263
reference_id AVG-1263
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1263
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24977
reference_id CVE-2020-24977
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-24977
28
reference_url https://access.redhat.com/errata/RHSA-2021:1597
reference_id RHSA-2021:1597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1597
29
reference_url https://usn.ubuntu.com/4991-1/
reference_id USN-4991-1
reference_type
scores
url https://usn.ubuntu.com/4991-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-p6m6-7kgc-y3g8
3
vulnerability VCID-pb6j-zdqw-g7cj
4
vulnerability VCID-pr2j-1118-hqaa
5
vulnerability VCID-q3td-7t4g-57ba
6
vulnerability VCID-qkq6-n1ds-x7e5
7
vulnerability VCID-wnj6-hc4g-ykfs
8
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases CVE-2020-24977
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1sh8-bsk3-auct
2
url VCID-2r85-egs8-4be3
vulnerability_id VCID-2r85-egs8-4be3
summary 
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
### Description

In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by `Nokogiri::XML::Schema`
are **trusted** by default, allowing external resources to be accessed over the
network, potentially enabling XXE or SSRF attacks.

This behavior is counter to
the security policy followed by Nokogiri maintainers, which is to treat all input
as **untrusted** by default whenever possible.

Please note that this security
fix was pushed into a new minor version, 1.11.x, rather than a patch release to
the 1.10.x branch, because it is a breaking change for some schemas and the risk
was assessed to be "Low Severity".

### Affected Versions

Nokogiri `<= 1.10.10` as well as prereleases `1.11.0.rc1`, `1.11.0.rc2`, and `1.11.0.rc3`

### Mitigation

There are no known workarounds for affected versions. Upgrade to Nokogiri
`1.11.0.rc4` or later.

If, after upgrading to `1.11.0.rc4` or later, you wish
to re-enable network access for resolution of external resources (i.e., return to
the previous behavior):

1. Ensure the input is trusted. Do not enable this option
for untrusted input.
2. When invoking the `Nokogiri::XML::Schema` constructor,
pass as the second parameter an instance of `Nokogiri::XML::ParseOptions` with the
`NONET` flag turned off.

So if your previous code was:

``` ruby
# in v1.11.0.rc3 and earlier, this call allows resources to be accessed over the network
# but in v1.11.0.rc4 and later, this call will disallow network access for external resources
schema = Nokogiri::XML::Schema.new(schema)

# in v1.11.0.rc4 and later, the following is equivalent to the code above
# (the second parameter is optional, and this demonstrates its default value)
schema = Nokogiri::XML::Schema.new(schema, Nokogiri::XML::ParseOptions::DEFAULT_SCHEMA)
```

Then you can add the second parameter to indicate that the input is trusted by changing it to:

``` ruby
# in v1.11.0.rc3 and earlier, this would raise an ArgumentError
# but in v1.11.0.rc4 and later, this allows resources to be accessed over the network
schema = Nokogiri::XML::Schema.new(trusted_schema, Nokogiri::XML::ParseOptions.new.nononet)
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26247
reference_id
reference_type
scores
0
value 0.00259
scoring_system epss
scoring_elements 0.49512
published_at 2026-06-04T12:55:00Z
1
value 0.00259
scoring_system epss
scoring_elements 0.49574
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26247
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26247
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml
5
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
6
reference_url https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03
7
reference_url https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b
8
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4
9
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
10
reference_url https://hackerone.com/reports/747489
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/747489
11
reference_url https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html
12
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
13
reference_url https://rubygems.org/gems/nokogiri
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/nokogiri
14
reference_url https://security.gentoo.org/glsa/202208-29
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-29
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1912487
reference_id 1912487
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1912487
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967
reference_id 978967
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26247
reference_id CVE-2020-26247
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26247
18
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
19
reference_url https://access.redhat.com/errata/RHSA-2021:5191
reference_id RHSA-2021:5191
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5191
20
reference_url https://usn.ubuntu.com/7659-1/
reference_id USN-7659-1
reference_type
scores
url https://usn.ubuntu.com/7659-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.0
purl pkg:gem/nokogiri@1.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6t8y-27ba-cfa2
1
vulnerability VCID-chdv-jk6d-uuga
2
vulnerability VCID-d13x-y75t-2ugx
3
vulnerability VCID-e8w6-ax3x-wqan
4
vulnerability VCID-nuzy-ruzb-dke6
5
vulnerability VCID-p6m6-7kgc-y3g8
6
vulnerability VCID-pb6j-zdqw-g7cj
7
vulnerability VCID-pr2j-1118-hqaa
8
vulnerability VCID-q3td-7t4g-57ba
9
vulnerability VCID-qkq6-n1ds-x7e5
10
vulnerability VCID-wnj6-hc4g-ykfs
11
vulnerability VCID-yjn6-17qx-9ubc
12
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.0
aliases CVE-2020-26247, GHSA-vr8q-g5c7-m54m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2r85-egs8-4be3
3
url VCID-5xuf-r7bj-33fa
vulnerability_id VCID-5xuf-r7bj-33fa
summary 
Improper Input Validation
In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13117
reference_id
reference_type
scores
0
value 0.04376
scoring_system epss
scoring_elements 0.89156
published_at 2026-06-04T12:55:00Z
1
value 0.04376
scoring_system epss
scoring_elements 0.89173
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13117
3
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml
7
reference_url https://github.com/sparklemotion/nokogiri/issues/1943
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1943
8
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
9
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
11
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
13
reference_url https://oss-fuzz.com/testcase-detail/5631739747106816
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://oss-fuzz.com/testcase-detail/5631739747106816
14
reference_url https://security.netapp.com/advisory/ntap-20190806-0004
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190806-0004
15
reference_url https://security.netapp.com/advisory/ntap-20200122-0003
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200122-0003
16
reference_url https://usn.ubuntu.com/4164-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4164-1
17
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://www.oracle.com/security-alerts/cpujan2020.html
18
reference_url http://www.openwall.com/lists/oss-security/2019/11/17/2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url http://www.openwall.com/lists/oss-security/2019/11/17/2
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728546
reference_id 1728546
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728546
20
reference_url https://usn.ubuntu.com/4164-1/
reference_id 4164-1
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://usn.ubuntu.com/4164-1/
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321
reference_id 931321
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13117
reference_id CVE-2019-13117
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13117
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
reference_id IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
24
reference_url https://security.netapp.com/advisory/ntap-20190806-0004/
reference_id ntap-20190806-0004
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://security.netapp.com/advisory/ntap-20190806-0004/
25
reference_url https://security.netapp.com/advisory/ntap-20200122-0003/
reference_id ntap-20200122-0003
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://security.netapp.com/advisory/ntap-20200122-0003/
26
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
fixed_packages
0
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-6t8y-27ba-cfa2
3
vulnerability VCID-chdv-jk6d-uuga
4
vulnerability VCID-d13x-y75t-2ugx
5
vulnerability VCID-e8w6-ax3x-wqan
6
vulnerability VCID-jxz3-ug52-cuhn
7
vulnerability VCID-nuzy-ruzb-dke6
8
vulnerability VCID-p6m6-7kgc-y3g8
9
vulnerability VCID-pb6j-zdqw-g7cj
10
vulnerability VCID-pr2j-1118-hqaa
11
vulnerability VCID-q3td-7t4g-57ba
12
vulnerability VCID-qkq6-n1ds-x7e5
13
vulnerability VCID-wnj6-hc4g-ykfs
14
vulnerability VCID-yjn6-17qx-9ubc
15
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-13117, GHSA-4hm9-844j-jmxp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xuf-r7bj-33fa
4
url VCID-6t8y-27ba-cfa2
vulnerability_id VCID-6t8y-27ba-cfa2
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3537
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29146
published_at 2026-06-04T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29216
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3537
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1956522
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1956522
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722
8
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
13
reference_url https://nokogiri.org/CHANGELOG.html#1114-2021-05-14
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nokogiri.org/CHANGELOG.html#1114-2021-05-14
14
reference_url https://security.gentoo.org/glsa/202107-05
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-05
15
reference_url https://security.netapp.com/advisory/ntap-20210625-0002
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210625-0002
16
reference_url https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210625-0002/
17
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
18
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
19
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123
reference_id 988123
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123
21
reference_url https://security.archlinux.org/AVG-1883
reference_id AVG-1883
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1883
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3537
reference_id CVE-2021-3537
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3537
23
reference_url https://github.com/advisories/GHSA-286v-pcf5-25rc
reference_id GHSA-286v-pcf5-25rc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-286v-pcf5-25rc
24
reference_url https://access.redhat.com/errata/RHSA-2021:2569
reference_id RHSA-2021:2569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2569
25
reference_url https://access.redhat.com/errata/RHSA-2022:1389
reference_id RHSA-2022:1389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1389
26
reference_url https://access.redhat.com/errata/RHSA-2022:1390
reference_id RHSA-2022:1390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1390
27
reference_url https://usn.ubuntu.com/4991-1/
reference_id USN-4991-1
reference_type
scores
url https://usn.ubuntu.com/4991-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-p6m6-7kgc-y3g8
3
vulnerability VCID-pb6j-zdqw-g7cj
4
vulnerability VCID-pr2j-1118-hqaa
5
vulnerability VCID-q3td-7t4g-57ba
6
vulnerability VCID-qkq6-n1ds-x7e5
7
vulnerability VCID-wnj6-hc4g-ykfs
8
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases CVE-2021-3537, GHSA-286v-pcf5-25rc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t8y-27ba-cfa2
5
url VCID-9m3t-anwb-4fbx
vulnerability_id VCID-9m3t-anwb-4fbx
summary arbitrary code execution
references
0
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
1
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
2
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
3
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4658
reference_id
reference_type
scores
0
value 0.15391
scoring_system epss
scoring_elements 0.94776
published_at 2026-06-05T12:55:00Z
1
value 0.15391
scoring_system epss
scoring_elements 0.94767
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4658
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
10
reference_url https://github.com/sparklemotion/nokogiri/issues/1615
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1615
11
reference_url https://security.gentoo.org/glsa/201701-37
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201701-37
12
reference_url https://support.apple.com/HT207141
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT207141
13
reference_url https://support.apple.com/HT207142
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT207142
14
reference_url https://support.apple.com/HT207143
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT207143
15
reference_url https://support.apple.com/HT207170
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT207170
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1384424
reference_id 1384424
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1384424
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553
reference_id 840553
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553
18
reference_url https://security.archlinux.org/ASA-201611-2
reference_id ASA-201611-2
reference_type
scores
url https://security.archlinux.org/ASA-201611-2
19
reference_url https://security.archlinux.org/AVG-56
reference_id AVG-56
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-56
20
reference_url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html
reference_id CVE-2016-4448.HTML
reference_type
scores
url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4658
reference_id CVE-2016-4658
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4658
22
reference_url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
reference_id CVE-2016-4658.HTML
reference_type
scores
url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
23
reference_url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html
reference_id CVE-2016-5131.HTML
reference_type
scores
url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html
24
reference_url https://github.com/advisories/GHSA-fr52-4hqw-p27f
reference_id GHSA-fr52-4hqw-p27f
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fr52-4hqw-p27f
25
reference_url https://access.redhat.com/errata/RHSA-2021:3810
reference_id RHSA-2021:3810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3810
26
reference_url https://usn.ubuntu.com/3235-1/
reference_id USN-3235-1
reference_type
scores
url https://usn.ubuntu.com/3235-1/
fixed_packages
0
url pkg:gem/nokogiri@1.7.1
purl pkg:gem/nokogiri@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-akrb-6bu8-nqfq
5
vulnerability VCID-b8q3-sd61-rqhf
6
vulnerability VCID-chdv-jk6d-uuga
7
vulnerability VCID-d13x-y75t-2ugx
8
vulnerability VCID-e8w6-ax3x-wqan
9
vulnerability VCID-ft4s-195a-8fcf
10
vulnerability VCID-gdgu-7d3a-uygr
11
vulnerability VCID-gwrv-agck-yuex
12
vulnerability VCID-j98t-paam-97ec
13
vulnerability VCID-jvd7-7jes-4ffn
14
vulnerability VCID-jxz3-ug52-cuhn
15
vulnerability VCID-m91c-mfu9-bbbh
16
vulnerability VCID-nuzy-ruzb-dke6
17
vulnerability VCID-p6m6-7kgc-y3g8
18
vulnerability VCID-pb6j-zdqw-g7cj
19
vulnerability VCID-pr2j-1118-hqaa
20
vulnerability VCID-q3td-7t4g-57ba
21
vulnerability VCID-qkq6-n1ds-x7e5
22
vulnerability VCID-u9b2-qx2j-c7by
23
vulnerability VCID-ueh5-fv4d-a7a8
24
vulnerability VCID-uk9u-nn9a-4yes
25
vulnerability VCID-wnj6-hc4g-ykfs
26
vulnerability VCID-yjn6-17qx-9ubc
27
vulnerability VCID-yrjg-2aw9-effx
28
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.1
aliases CVE-2016-4658, GHSA-fr52-4hqw-p27f
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9m3t-anwb-4fbx
6
url VCID-akrb-6bu8-nqfq
vulnerability_id VCID-akrb-6bu8-nqfq
summary 
NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:1543
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://access.redhat.com/errata/RHSA-2019:1543
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14404
reference_id
reference_type
scores
0
value 0.20012
scoring_system epss
scoring_elements 0.95589
published_at 2026-06-04T12:55:00Z
1
value 0.20012
scoring_system epss
scoring_elements 0.95595
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14404
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1595985
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1595985
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/sparklemotion/nokogiri/issues/1785
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1785
8
reference_url https://gitlab.gnome.org/GNOME/libxml2/issues/10
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://gitlab.gnome.org/GNOME/libxml2/issues/10
9
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
10
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
11
reference_url https://security.netapp.com/advisory/ntap-20190719-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190719-0002
12
reference_url https://usn.ubuntu.com/3739-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-1
13
reference_url https://usn.ubuntu.com/3739-2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-2
14
reference_url https://usn.ubuntu.com/3739-2/
reference_id 3739-2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://usn.ubuntu.com/3739-2/
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14404
reference_id CVE-2018-14404
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14404
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml
reference_id CVE-2018-14404.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml
17
reference_url https://github.com/advisories/GHSA-6qvp-r6r3-9p7h
reference_id GHSA-6qvp-r6r3-9p7h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qvp-r6r3-9p7h
18
reference_url https://security.netapp.com/advisory/ntap-20190719-0002/
reference_id ntap-20190719-0002
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://security.netapp.com/advisory/ntap-20190719-0002/
19
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
20
reference_url https://access.redhat.com/errata/RHSA-2020:1827
reference_id RHSA-2020:1827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1827
fixed_packages
0
url pkg:gem/nokogiri@1.8.5
purl pkg:gem/nokogiri@1.8.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-chdv-jk6d-uuga
5
vulnerability VCID-d13x-y75t-2ugx
6
vulnerability VCID-e8w6-ax3x-wqan
7
vulnerability VCID-ft4s-195a-8fcf
8
vulnerability VCID-jvd7-7jes-4ffn
9
vulnerability VCID-jxz3-ug52-cuhn
10
vulnerability VCID-nuzy-ruzb-dke6
11
vulnerability VCID-p6m6-7kgc-y3g8
12
vulnerability VCID-pb6j-zdqw-g7cj
13
vulnerability VCID-pr2j-1118-hqaa
14
vulnerability VCID-q3td-7t4g-57ba
15
vulnerability VCID-qkq6-n1ds-x7e5
16
vulnerability VCID-u9b2-qx2j-c7by
17
vulnerability VCID-uk9u-nn9a-4yes
18
vulnerability VCID-wnj6-hc4g-ykfs
19
vulnerability VCID-yjn6-17qx-9ubc
20
vulnerability VCID-yrjg-2aw9-effx
21
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.5
aliases CVE-2018-14404, GHSA-6qvp-r6r3-9p7h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akrb-6bu8-nqfq
7
url VCID-b8q3-sd61-rqhf
vulnerability_id VCID-b8q3-sd61-rqhf
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5029
reference_id
reference_type
scores
0
value 0.01232
scoring_system epss
scoring_elements 0.79516
published_at 2026-06-04T12:55:00Z
1
value 0.01232
scoring_system epss
scoring_elements 0.79542
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5029
2
reference_url https://crbug.com/676623
reference_id
reference_type
scores
url https://crbug.com/676623
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046
21
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:N/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
22
reference_url https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
23
reference_url https://github.com/advisories/GHSA-pf6m-fxpq-fg8v
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-pf6m-fxpq-fg8v
24
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml
25
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
26
reference_url https://github.com/sparklemotion/nokogiri/issues/1634
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1634
27
reference_url https://ubuntu.com/security/CVE-2017-5029
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/security/CVE-2017-5029
28
reference_url https://ubuntu.com/security/notices/USN-3271-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/security/notices/USN-3271-1
29
reference_url http://www.securityfocus.com/bid/96767
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96767
30
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1431033
reference_id 1431033
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1431033
31
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546
reference_id 858546
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546
32
reference_url https://security.archlinux.org/ASA-201703-4
reference_id ASA-201703-4
reference_type
scores
url https://security.archlinux.org/ASA-201703-4
33
reference_url https://security.archlinux.org/ASA-201703-5
reference_id ASA-201703-5
reference_type
scores
url https://security.archlinux.org/ASA-201703-5
34
reference_url https://security.archlinux.org/AVG-195
reference_id AVG-195
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-195
35
reference_url https://security.archlinux.org/AVG-196
reference_id AVG-196
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-196
36
reference_url https://security.archlinux.org/AVG-197
reference_id AVG-197
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-197
37
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5029
reference_id CVE-2017-5029
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5029
38
reference_url https://security.gentoo.org/glsa/201804-01
reference_id GLSA-201804-01
reference_type
scores
url https://security.gentoo.org/glsa/201804-01
39
reference_url https://access.redhat.com/errata/RHSA-2017:0499
reference_id RHSA-2017:0499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0499
40
reference_url https://usn.ubuntu.com/3236-1/
reference_id USN-3236-1
reference_type
scores
url https://usn.ubuntu.com/3236-1/
41
reference_url https://usn.ubuntu.com/3271-1/
reference_id USN-3271-1
reference_type
scores
url https://usn.ubuntu.com/3271-1/
fixed_packages
0
url pkg:gem/nokogiri@1.7.1
purl pkg:gem/nokogiri@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-akrb-6bu8-nqfq
5
vulnerability VCID-b8q3-sd61-rqhf
6
vulnerability VCID-chdv-jk6d-uuga
7
vulnerability VCID-d13x-y75t-2ugx
8
vulnerability VCID-e8w6-ax3x-wqan
9
vulnerability VCID-ft4s-195a-8fcf
10
vulnerability VCID-gdgu-7d3a-uygr
11
vulnerability VCID-gwrv-agck-yuex
12
vulnerability VCID-j98t-paam-97ec
13
vulnerability VCID-jvd7-7jes-4ffn
14
vulnerability VCID-jxz3-ug52-cuhn
15
vulnerability VCID-m91c-mfu9-bbbh
16
vulnerability VCID-nuzy-ruzb-dke6
17
vulnerability VCID-p6m6-7kgc-y3g8
18
vulnerability VCID-pb6j-zdqw-g7cj
19
vulnerability VCID-pr2j-1118-hqaa
20
vulnerability VCID-q3td-7t4g-57ba
21
vulnerability VCID-qkq6-n1ds-x7e5
22
vulnerability VCID-u9b2-qx2j-c7by
23
vulnerability VCID-ueh5-fv4d-a7a8
24
vulnerability VCID-uk9u-nn9a-4yes
25
vulnerability VCID-wnj6-hc4g-ykfs
26
vulnerability VCID-yjn6-17qx-9ubc
27
vulnerability VCID-yrjg-2aw9-effx
28
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.1
1
url pkg:gem/nokogiri@1.7.2
purl pkg:gem/nokogiri@1.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-akrb-6bu8-nqfq
5
vulnerability VCID-chdv-jk6d-uuga
6
vulnerability VCID-d13x-y75t-2ugx
7
vulnerability VCID-e8w6-ax3x-wqan
8
vulnerability VCID-ft4s-195a-8fcf
9
vulnerability VCID-gdgu-7d3a-uygr
10
vulnerability VCID-gwrv-agck-yuex
11
vulnerability VCID-j98t-paam-97ec
12
vulnerability VCID-jvd7-7jes-4ffn
13
vulnerability VCID-jxz3-ug52-cuhn
14
vulnerability VCID-m91c-mfu9-bbbh
15
vulnerability VCID-nuzy-ruzb-dke6
16
vulnerability VCID-p6m6-7kgc-y3g8
17
vulnerability VCID-pb6j-zdqw-g7cj
18
vulnerability VCID-pr2j-1118-hqaa
19
vulnerability VCID-q3td-7t4g-57ba
20
vulnerability VCID-qkq6-n1ds-x7e5
21
vulnerability VCID-u9b2-qx2j-c7by
22
vulnerability VCID-ueh5-fv4d-a7a8
23
vulnerability VCID-uk9u-nn9a-4yes
24
vulnerability VCID-wnj6-hc4g-ykfs
25
vulnerability VCID-yjn6-17qx-9ubc
26
vulnerability VCID-yrjg-2aw9-effx
27
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.2
aliases CVE-2017-5029, GHSA-pf6m-fxpq-fg8v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8q3-sd61-rqhf
8
url VCID-ba5w-ed8b-duar
vulnerability_id VCID-ba5w-ed8b-duar
summary 
Unsafe parsing of unclosed comments
Parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access.
references
0
reference_url https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22
1
reference_url https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1664--2015-11-19
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1664--2015-11-19
2
reference_url https://github.com/sparklemotion/nokogiri/commit/0948e9fa38c949661983a33752fdcb94a453e272
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/commit/0948e9fa38c949661983a33752fdcb94a453e272
3
reference_url https://github.com/sparklemotion/nokogiri/commit/3ab1b2339f7bb3a00590c8d288a24a9dbfe5aec4
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/commit/3ab1b2339f7bb3a00590c8d288a24a9dbfe5aec4
4
reference_url https://groups.google.com/forum/#!topic/nokogiri-talk/nFl0mfcJpbk
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/nokogiri-talk/nFl0mfcJpbk
fixed_packages
0
url pkg:gem/nokogiri@1.6.6.4
purl pkg:gem/nokogiri@1.6.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-by7n-zrpn-jubw
8
vulnerability VCID-chdv-jk6d-uuga
9
vulnerability VCID-d13x-y75t-2ugx
10
vulnerability VCID-e8w6-ax3x-wqan
11
vulnerability VCID-efx2-bpu9-z7a4
12
vulnerability VCID-egft-crba-6ubx
13
vulnerability VCID-fn1n-adz5-5fcy
14
vulnerability VCID-ft4s-195a-8fcf
15
vulnerability VCID-gdgu-7d3a-uygr
16
vulnerability VCID-gwrv-agck-yuex
17
vulnerability VCID-j98t-paam-97ec
18
vulnerability VCID-jvd7-7jes-4ffn
19
vulnerability VCID-jxz3-ug52-cuhn
20
vulnerability VCID-m91c-mfu9-bbbh
21
vulnerability VCID-nuzy-ruzb-dke6
22
vulnerability VCID-p6m6-7kgc-y3g8
23
vulnerability VCID-pb6j-zdqw-g7cj
24
vulnerability VCID-pr2j-1118-hqaa
25
vulnerability VCID-q3td-7t4g-57ba
26
vulnerability VCID-qkq6-n1ds-x7e5
27
vulnerability VCID-u9b2-qx2j-c7by
28
vulnerability VCID-ueh5-fv4d-a7a8
29
vulnerability VCID-uk9u-nn9a-4yes
30
vulnerability VCID-wnj6-hc4g-ykfs
31
vulnerability VCID-yjn6-17qx-9ubc
32
vulnerability VCID-yrjg-2aw9-effx
33
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.4
1
url pkg:gem/nokogiri@1.6.7.rc4
purl pkg:gem/nokogiri@1.6.7.rc4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-by7n-zrpn-jubw
8
vulnerability VCID-chdv-jk6d-uuga
9
vulnerability VCID-d13x-y75t-2ugx
10
vulnerability VCID-e8w6-ax3x-wqan
11
vulnerability VCID-efx2-bpu9-z7a4
12
vulnerability VCID-egft-crba-6ubx
13
vulnerability VCID-fn1n-adz5-5fcy
14
vulnerability VCID-ft4s-195a-8fcf
15
vulnerability VCID-gdgu-7d3a-uygr
16
vulnerability VCID-gwrv-agck-yuex
17
vulnerability VCID-j98t-paam-97ec
18
vulnerability VCID-jvd7-7jes-4ffn
19
vulnerability VCID-jxz3-ug52-cuhn
20
vulnerability VCID-m91c-mfu9-bbbh
21
vulnerability VCID-nuzy-ruzb-dke6
22
vulnerability VCID-p6m6-7kgc-y3g8
23
vulnerability VCID-pb6j-zdqw-g7cj
24
vulnerability VCID-pr2j-1118-hqaa
25
vulnerability VCID-q3td-7t4g-57ba
26
vulnerability VCID-qkq6-n1ds-x7e5
27
vulnerability VCID-u9b2-qx2j-c7by
28
vulnerability VCID-ueh5-fv4d-a7a8
29
vulnerability VCID-uk9u-nn9a-4yes
30
vulnerability VCID-wnj6-hc4g-ykfs
31
vulnerability VCID-yjn6-17qx-9ubc
32
vulnerability VCID-yrjg-2aw9-effx
33
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4
aliases GMS-2015-43
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ba5w-ed8b-duar
9
url VCID-by7n-zrpn-jubw
vulnerability_id VCID-by7n-zrpn-jubw
summary 
Vulnerabilities in libxml2
The vendored version of libxml2 is affected by multiple vulnerabilities.
references
0
reference_url https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5
1
reference_url https://github.com/sparklemotion/nokogiri/pull/1378
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/pull/1378
2
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
3
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5312
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5312
4
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7497
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7497
5
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7498
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7498
6
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7499
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7499
7
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7500
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7500
8
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8241
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8241
9
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8242
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8242
10
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8317
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8317
fixed_packages
0
url pkg:gem/nokogiri@1.6.7.1
purl pkg:gem/nokogiri@1.6.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-chdv-jk6d-uuga
8
vulnerability VCID-d13x-y75t-2ugx
9
vulnerability VCID-e8w6-ax3x-wqan
10
vulnerability VCID-egft-crba-6ubx
11
vulnerability VCID-fn1n-adz5-5fcy
12
vulnerability VCID-ft4s-195a-8fcf
13
vulnerability VCID-gdgu-7d3a-uygr
14
vulnerability VCID-gwrv-agck-yuex
15
vulnerability VCID-j98t-paam-97ec
16
vulnerability VCID-jvd7-7jes-4ffn
17
vulnerability VCID-jxz3-ug52-cuhn
18
vulnerability VCID-m91c-mfu9-bbbh
19
vulnerability VCID-nuzy-ruzb-dke6
20
vulnerability VCID-p6m6-7kgc-y3g8
21
vulnerability VCID-pb6j-zdqw-g7cj
22
vulnerability VCID-pr2j-1118-hqaa
23
vulnerability VCID-q3td-7t4g-57ba
24
vulnerability VCID-qkq6-n1ds-x7e5
25
vulnerability VCID-u9b2-qx2j-c7by
26
vulnerability VCID-ueh5-fv4d-a7a8
27
vulnerability VCID-uk9u-nn9a-4yes
28
vulnerability VCID-wnj6-hc4g-ykfs
29
vulnerability VCID-yjn6-17qx-9ubc
30
vulnerability VCID-yrjg-2aw9-effx
31
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.1
aliases GMS-2015-52
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-by7n-zrpn-jubw
10
url VCID-cgmw-k7dg-gbdw
vulnerability_id VCID-cgmw-k7dg-gbdw
summary 
Vulnerabilities in libxml2 and libxslt
Several vulnerabilities were discovered in the libxml2 and libxslt libraries that this package gem depends on.
references
0
reference_url http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
1
reference_url http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
2
reference_url http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
3
reference_url http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
4
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html
5
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html
6
reference_url http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
7
reference_url http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2015-1419.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1419.html
9
reference_url http://rhn.redhat.com/errata/RHSA-2015-2550.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-2550.html
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1819
reference_id
reference_type
scores
0
value 0.02045
scoring_system epss
scoring_elements 0.8417
published_at 2026-06-04T12:55:00Z
1
value 0.02045
scoring_system epss
scoring_elements 0.84193
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1819
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
24
reference_url https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
25
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml
26
reference_url https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59
27
reference_url https://github.com/sparklemotion/nokogiri/issues/1374
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1374
28
reference_url https://github.com/sparklemotion/nokogiri/pull/1376
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/pull/1376
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1819
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1819
30
reference_url https://security.gentoo.org/glsa/201507-08
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201507-08
31
reference_url https://security.gentoo.org/glsa/201701-37
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201701-37
32
reference_url https://support.apple.com/HT206166
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT206166
33
reference_url https://support.apple.com/HT206167
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT206167
34
reference_url https://support.apple.com/HT206168
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT206168
35
reference_url https://support.apple.com/HT206169
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT206169
36
reference_url http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3430
37
reference_url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
38
reference_url http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
39
reference_url http://www.ubuntu.com/usn/USN-2812-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2812-1
40
reference_url http://xmlsoft.org/news.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://xmlsoft.org/news.html
41
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1211278
reference_id 1211278
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1211278
42
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782
reference_id 782782
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782
43
reference_url https://github.com/advisories/GHSA-q7wx-62r7-j2x7
reference_id GHSA-q7wx-62r7-j2x7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q7wx-62r7-j2x7
44
reference_url https://access.redhat.com/errata/RHSA-2015:1419
reference_id RHSA-2015:1419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1419
45
reference_url https://access.redhat.com/errata/RHSA-2015:2550
reference_id RHSA-2015:2550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:2550
46
reference_url https://usn.ubuntu.com/2812-1/
reference_id USN-2812-1
reference_type
scores
url https://usn.ubuntu.com/2812-1/
fixed_packages
0
url pkg:gem/nokogiri@1.6.6.4
purl pkg:gem/nokogiri@1.6.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-by7n-zrpn-jubw
8
vulnerability VCID-chdv-jk6d-uuga
9
vulnerability VCID-d13x-y75t-2ugx
10
vulnerability VCID-e8w6-ax3x-wqan
11
vulnerability VCID-efx2-bpu9-z7a4
12
vulnerability VCID-egft-crba-6ubx
13
vulnerability VCID-fn1n-adz5-5fcy
14
vulnerability VCID-ft4s-195a-8fcf
15
vulnerability VCID-gdgu-7d3a-uygr
16
vulnerability VCID-gwrv-agck-yuex
17
vulnerability VCID-j98t-paam-97ec
18
vulnerability VCID-jvd7-7jes-4ffn
19
vulnerability VCID-jxz3-ug52-cuhn
20
vulnerability VCID-m91c-mfu9-bbbh
21
vulnerability VCID-nuzy-ruzb-dke6
22
vulnerability VCID-p6m6-7kgc-y3g8
23
vulnerability VCID-pb6j-zdqw-g7cj
24
vulnerability VCID-pr2j-1118-hqaa
25
vulnerability VCID-q3td-7t4g-57ba
26
vulnerability VCID-qkq6-n1ds-x7e5
27
vulnerability VCID-u9b2-qx2j-c7by
28
vulnerability VCID-ueh5-fv4d-a7a8
29
vulnerability VCID-uk9u-nn9a-4yes
30
vulnerability VCID-wnj6-hc4g-ykfs
31
vulnerability VCID-yjn6-17qx-9ubc
32
vulnerability VCID-yrjg-2aw9-effx
33
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.4
1
url pkg:gem/nokogiri@1.6.7.rc4
purl pkg:gem/nokogiri@1.6.7.rc4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-by7n-zrpn-jubw
8
vulnerability VCID-chdv-jk6d-uuga
9
vulnerability VCID-d13x-y75t-2ugx
10
vulnerability VCID-e8w6-ax3x-wqan
11
vulnerability VCID-efx2-bpu9-z7a4
12
vulnerability VCID-egft-crba-6ubx
13
vulnerability VCID-fn1n-adz5-5fcy
14
vulnerability VCID-ft4s-195a-8fcf
15
vulnerability VCID-gdgu-7d3a-uygr
16
vulnerability VCID-gwrv-agck-yuex
17
vulnerability VCID-j98t-paam-97ec
18
vulnerability VCID-jvd7-7jes-4ffn
19
vulnerability VCID-jxz3-ug52-cuhn
20
vulnerability VCID-m91c-mfu9-bbbh
21
vulnerability VCID-nuzy-ruzb-dke6
22
vulnerability VCID-p6m6-7kgc-y3g8
23
vulnerability VCID-pb6j-zdqw-g7cj
24
vulnerability VCID-pr2j-1118-hqaa
25
vulnerability VCID-q3td-7t4g-57ba
26
vulnerability VCID-qkq6-n1ds-x7e5
27
vulnerability VCID-u9b2-qx2j-c7by
28
vulnerability VCID-ueh5-fv4d-a7a8
29
vulnerability VCID-uk9u-nn9a-4yes
30
vulnerability VCID-wnj6-hc4g-ykfs
31
vulnerability VCID-yjn6-17qx-9ubc
32
vulnerability VCID-yrjg-2aw9-effx
33
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4
aliases CVE-2015-1819, GHSA-q7wx-62r7-j2x7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgmw-k7dg-gbdw
11
url VCID-chdv-jk6d-uuga
vulnerability_id VCID-chdv-jk6d-uuga
summary 
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
## Summary

Nokogiri v1.18.3 upgrades its dependency libxml2 to
[v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).

libxml2 v2.13.6 addresses:

- CVE-2025-24928
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
- CVE-2024-56171
   - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

## Impact

### CVE-2025-24928

Stack-buffer overflow is possible when reporting DTD validation
errors if the input contains a long (~3kb) QName prefix.

### CVE-2024-56171

Use-after-free is possible during validation against untrusted
XML Schemas (.xsd) and, potentially, validation of untrusted documents
against trusted Schemas if they make use of `xsd:keyref` in combination
with recursively defined types that have additional identity constraints.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m
2
reference_url https://github.com/advisories/GHSA-vvfq-8hwr-qm4m
reference_id GHSA-vvfq-8hwr-qm4m
reference_type
scores
url https://github.com/advisories/GHSA-vvfq-8hwr-qm4m
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml
reference_id GHSA-vvfq-8hwr-qm4m.yml
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml
fixed_packages
0
url pkg:gem/nokogiri@1.18.3
purl pkg:gem/nokogiri@1.18.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d13x-y75t-2ugx
1
vulnerability VCID-pb6j-zdqw-g7cj
2
vulnerability VCID-wnj6-hc4g-ykfs
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.3
aliases GHSA-vvfq-8hwr-qm4m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chdv-jk6d-uuga
12
url VCID-d13x-y75t-2ugx
vulnerability_id VCID-d13x-y75t-2ugx
summary 
Nokogiri does not check the return value from xmlC14NExecute
Nokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.

JRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/advisories/GHSA-wx95-c6cv-8532
reference_id GHSA-wx95-c6cv-8532
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wx95-c6cv-8532
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
reference_id GHSA-wx95-c6cv-8532
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
fixed_packages
0
url pkg:gem/nokogiri@1.19.1
purl pkg:gem/nokogiri@1.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d13x-y75t-2ugx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.19.1
aliases GHSA-wx95-c6cv-8532
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d13x-y75t-2ugx
13
url VCID-e8w6-ax3x-wqan
vulnerability_id VCID-e8w6-ax3x-wqan
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3517
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.28493
published_at 2026-06-05T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.28421
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3517
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1954232
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1954232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579
8
reference_url https://github.com/sparklemotion/nokogiri/issues/2233
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/2233
9
reference_url https://github.com/sparklemotion/nokogiri/issues/2274
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/2274
10
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
11
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
13
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
18
reference_url https://security.gentoo.org/glsa/202107-05
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://security.gentoo.org/glsa/202107-05
19
reference_url https://security.netapp.com/advisory/ntap-20210625-0002
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210625-0002
20
reference_url https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://security.netapp.com/advisory/ntap-20210625-0002/
21
reference_url https://security.netapp.com/advisory/ntap-20211022-0004
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20211022-0004
22
reference_url https://security.netapp.com/advisory/ntap-20211022-0004/
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://security.netapp.com/advisory/ntap-20211022-0004/
23
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
24
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
25
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
26
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738
reference_id 987738
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738
28
reference_url https://security.archlinux.org/AVG-1883
reference_id AVG-1883
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1883
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3517
reference_id CVE-2021-3517
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3517
31
reference_url https://github.com/advisories/GHSA-jw9f-hh49-cvp9
reference_id GHSA-jw9f-hh49-cvp9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jw9f-hh49-cvp9
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
33
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
35
reference_url https://access.redhat.com/errata/RHSA-2021:2569
reference_id RHSA-2021:2569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2569
36
reference_url https://access.redhat.com/errata/RHSA-2022:1389
reference_id RHSA-2022:1389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1389
37
reference_url https://access.redhat.com/errata/RHSA-2022:1390
reference_id RHSA-2022:1390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1390
38
reference_url https://usn.ubuntu.com/4991-1/
reference_id USN-4991-1
reference_type
scores
url https://usn.ubuntu.com/4991-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-p6m6-7kgc-y3g8
3
vulnerability VCID-pb6j-zdqw-g7cj
4
vulnerability VCID-pr2j-1118-hqaa
5
vulnerability VCID-q3td-7t4g-57ba
6
vulnerability VCID-qkq6-n1ds-x7e5
7
vulnerability VCID-wnj6-hc4g-ykfs
8
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases CVE-2021-3517, GHSA-jw9f-hh49-cvp9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8w6-ax3x-wqan
14
url VCID-efx2-bpu9-z7a4
vulnerability_id VCID-efx2-bpu9-z7a4
summary 
Vulnerabilities in libxml2
Several vulnerabilities were discovered in the libxml2 library that this package gem depends on.
references
0
reference_url http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
3
reference_url http://marc.info/?l=bugtraq&m=145382616617563&w=2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://marc.info/?l=bugtraq&m=145382616617563&w=2
4
reference_url http://rhn.redhat.com/errata/RHSA-2015-2549.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-2549.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2015-2550.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-2550.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5312
reference_id
reference_type
scores
0
value 0.01078
scoring_system epss
scoring_elements 0.78187
published_at 2026-06-05T12:55:00Z
1
value 0.01078
scoring_system epss
scoring_elements 0.7816
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5312
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1276693
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1276693
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
21
reference_url https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e
22
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml
23
reference_url https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5
24
reference_url https://github.com/sparklemotion/nokogiri/pull/1378
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/pull/1378
25
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
26
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
27
reference_url https://security.gentoo.org/glsa/201701-37
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201701-37
28
reference_url https://support.apple.com/HT206166
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT206166
29
reference_url https://support.apple.com/HT206167
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT206167
30
reference_url https://support.apple.com/HT206168
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT206168
31
reference_url https://support.apple.com/HT206169
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT206169
32
reference_url http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3430
33
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
34
reference_url http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
35
reference_url http://www.ubuntu.com/usn/USN-2834-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2834-1
36
reference_url http://xmlsoft.org/news.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://xmlsoft.org/news.html
37
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5312
reference_id CVE-2015-5312
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5312
38
reference_url https://github.com/advisories/GHSA-xjqg-9jvg-fgx2
reference_id GHSA-xjqg-9jvg-fgx2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xjqg-9jvg-fgx2
39
reference_url https://access.redhat.com/errata/RHSA-2015:2549
reference_id RHSA-2015:2549
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:2549
40
reference_url https://access.redhat.com/errata/RHSA-2015:2550
reference_id RHSA-2015:2550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:2550
41
reference_url https://access.redhat.com/errata/RHSA-2016:1089
reference_id RHSA-2016:1089
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1089
42
reference_url https://usn.ubuntu.com/2834-1/
reference_id USN-2834-1
reference_type
scores
url https://usn.ubuntu.com/2834-1/
fixed_packages
0
url pkg:gem/nokogiri@1.6.7.1
purl pkg:gem/nokogiri@1.6.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-chdv-jk6d-uuga
8
vulnerability VCID-d13x-y75t-2ugx
9
vulnerability VCID-e8w6-ax3x-wqan
10
vulnerability VCID-egft-crba-6ubx
11
vulnerability VCID-fn1n-adz5-5fcy
12
vulnerability VCID-ft4s-195a-8fcf
13
vulnerability VCID-gdgu-7d3a-uygr
14
vulnerability VCID-gwrv-agck-yuex
15
vulnerability VCID-j98t-paam-97ec
16
vulnerability VCID-jvd7-7jes-4ffn
17
vulnerability VCID-jxz3-ug52-cuhn
18
vulnerability VCID-m91c-mfu9-bbbh
19
vulnerability VCID-nuzy-ruzb-dke6
20
vulnerability VCID-p6m6-7kgc-y3g8
21
vulnerability VCID-pb6j-zdqw-g7cj
22
vulnerability VCID-pr2j-1118-hqaa
23
vulnerability VCID-q3td-7t4g-57ba
24
vulnerability VCID-qkq6-n1ds-x7e5
25
vulnerability VCID-u9b2-qx2j-c7by
26
vulnerability VCID-ueh5-fv4d-a7a8
27
vulnerability VCID-uk9u-nn9a-4yes
28
vulnerability VCID-wnj6-hc4g-ykfs
29
vulnerability VCID-yjn6-17qx-9ubc
30
vulnerability VCID-yrjg-2aw9-effx
31
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.1
aliases CVE-2015-5312, GHSA-xjqg-9jvg-fgx2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-efx2-bpu9-z7a4
15
url VCID-egft-crba-6ubx
vulnerability_id VCID-egft-crba-6ubx
summary 
Uncontrolled Resource Consumption
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8806
reference_id
reference_type
scores
0
value 0.08565
scoring_system epss
scoring_elements 0.92549
published_at 2026-06-04T12:55:00Z
1
value 0.08565
scoring_system epss
scoring_elements 0.92562
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8806
2
reference_url https://bugzilla.gnome.org/show_bug.cgi?id=749115
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.gnome.org/show_bug.cgi?id=749115
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
19
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml
21
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
22
reference_url https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
23
reference_url https://github.com/sparklemotion/nokogiri/issues/1473
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1473
24
reference_url https://mail.gnome.org/archives/xml/2016-May/msg00023.html
reference_id
reference_type
scores
url https://mail.gnome.org/archives/xml/2016-May/msg00023.html
25
reference_url https://security.gentoo.org/glsa/201701-37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201701-37
26
reference_url https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071
27
reference_url https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2016/dsa-3593
28
reference_url http://www.openwall.com/lists/oss-security/2016/02/03/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/02/03/5
29
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
30
reference_url http://www.ubuntu.com/usn/usn-2994-1/
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/usn-2994-1/
31
reference_url http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2994-1
32
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1304636
reference_id 1304636
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1304636
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613
reference_id 813613
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613
34
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8806
reference_id CVE-2015-8806
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8806
35
reference_url https://github.com/advisories/GHSA-7hp2-xwpj-95jq
reference_id GHSA-7hp2-xwpj-95jq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7hp2-xwpj-95jq
36
reference_url https://usn.ubuntu.com/2994-1/
reference_id USN-2994-1
reference_type
scores
url https://usn.ubuntu.com/2994-1/
fixed_packages
0
url pkg:gem/nokogiri@1.6.8
purl pkg:gem/nokogiri@1.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-chdv-jk6d-uuga
8
vulnerability VCID-d13x-y75t-2ugx
9
vulnerability VCID-e8w6-ax3x-wqan
10
vulnerability VCID-ft4s-195a-8fcf
11
vulnerability VCID-gdgu-7d3a-uygr
12
vulnerability VCID-gwrv-agck-yuex
13
vulnerability VCID-j98t-paam-97ec
14
vulnerability VCID-jvd7-7jes-4ffn
15
vulnerability VCID-jxz3-ug52-cuhn
16
vulnerability VCID-m91c-mfu9-bbbh
17
vulnerability VCID-nuzy-ruzb-dke6
18
vulnerability VCID-p6m6-7kgc-y3g8
19
vulnerability VCID-pb6j-zdqw-g7cj
20
vulnerability VCID-pr2j-1118-hqaa
21
vulnerability VCID-q3td-7t4g-57ba
22
vulnerability VCID-qkq6-n1ds-x7e5
23
vulnerability VCID-u9b2-qx2j-c7by
24
vulnerability VCID-ueh5-fv4d-a7a8
25
vulnerability VCID-uk9u-nn9a-4yes
26
vulnerability VCID-wnj6-hc4g-ykfs
27
vulnerability VCID-yjn6-17qx-9ubc
28
vulnerability VCID-yrjg-2aw9-effx
29
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8
aliases CVE-2015-8806, GHSA-7hp2-xwpj-95jq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egft-crba-6ubx
16
url VCID-fn1n-adz5-5fcy
vulnerability_id VCID-fn1n-adz5-5fcy
summary 
Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-2549.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-2549.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2015-2550.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-2550.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7499
reference_id
reference_type
scores
0
value 0.00714
scoring_system epss
scoring_elements 0.72758
published_at 2026-06-05T12:55:00Z
1
value 0.00714
scoring_system epss
scoring_elements 0.7272
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7499
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1281925
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1281925
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
19
reference_url https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc
20
reference_url https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da
21
reference_url https://github.com/advisories/GHSA-jxjr-5h69-qw3w
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jxjr-5h69-qw3w
22
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml
23
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
24
reference_url https://security.gentoo.org/glsa/201701-37
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201701-37
25
reference_url https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509
26
reference_url https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243
27
reference_url http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3430
28
reference_url http://www.ubuntu.com/usn/USN-2834-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2834-1
29
reference_url http://xmlsoft.org/news.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://xmlsoft.org/news.html
30
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7499
reference_id CVE-2015-7499
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7499
31
reference_url https://access.redhat.com/errata/RHSA-2015:2549
reference_id RHSA-2015:2549
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:2549
32
reference_url https://access.redhat.com/errata/RHSA-2015:2550
reference_id RHSA-2015:2550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:2550
33
reference_url https://access.redhat.com/errata/RHSA-2016:1089
reference_id RHSA-2016:1089
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1089
34
reference_url https://usn.ubuntu.com/2834-1/
reference_id USN-2834-1
reference_type
scores
url https://usn.ubuntu.com/2834-1/
35
reference_url https://usn.ubuntu.com/2875-1/
reference_id USN-2875-1
reference_type
scores
url https://usn.ubuntu.com/2875-1/
fixed_packages
0
url pkg:gem/nokogiri@1.6.7.2
purl pkg:gem/nokogiri@1.6.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-chdv-jk6d-uuga
8
vulnerability VCID-d13x-y75t-2ugx
9
vulnerability VCID-e8w6-ax3x-wqan
10
vulnerability VCID-egft-crba-6ubx
11
vulnerability VCID-ft4s-195a-8fcf
12
vulnerability VCID-gdgu-7d3a-uygr
13
vulnerability VCID-gwrv-agck-yuex
14
vulnerability VCID-j98t-paam-97ec
15
vulnerability VCID-jvd7-7jes-4ffn
16
vulnerability VCID-jxz3-ug52-cuhn
17
vulnerability VCID-m91c-mfu9-bbbh
18
vulnerability VCID-nuzy-ruzb-dke6
19
vulnerability VCID-p6m6-7kgc-y3g8
20
vulnerability VCID-pb6j-zdqw-g7cj
21
vulnerability VCID-pr2j-1118-hqaa
22
vulnerability VCID-q3td-7t4g-57ba
23
vulnerability VCID-qkq6-n1ds-x7e5
24
vulnerability VCID-u9b2-qx2j-c7by
25
vulnerability VCID-ueh5-fv4d-a7a8
26
vulnerability VCID-uk9u-nn9a-4yes
27
vulnerability VCID-wnj6-hc4g-ykfs
28
vulnerability VCID-yjn6-17qx-9ubc
29
vulnerability VCID-yrjg-2aw9-effx
30
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.2
1
url pkg:gem/nokogiri@1.6.8.rc1
purl pkg:gem/nokogiri@1.6.8.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-9m3t-anwb-4fbx
5
vulnerability VCID-akrb-6bu8-nqfq
6
vulnerability VCID-b8q3-sd61-rqhf
7
vulnerability VCID-chdv-jk6d-uuga
8
vulnerability VCID-d13x-y75t-2ugx
9
vulnerability VCID-e8w6-ax3x-wqan
10
vulnerability VCID-egft-crba-6ubx
11
vulnerability VCID-fn1n-adz5-5fcy
12
vulnerability VCID-ft4s-195a-8fcf
13
vulnerability VCID-gdgu-7d3a-uygr
14
vulnerability VCID-gwrv-agck-yuex
15
vulnerability VCID-j98t-paam-97ec
16
vulnerability VCID-jvd7-7jes-4ffn
17
vulnerability VCID-jxz3-ug52-cuhn
18
vulnerability VCID-m91c-mfu9-bbbh
19
vulnerability VCID-nuzy-ruzb-dke6
20
vulnerability VCID-p6m6-7kgc-y3g8
21
vulnerability VCID-pb6j-zdqw-g7cj
22
vulnerability VCID-pr2j-1118-hqaa
23
vulnerability VCID-q3td-7t4g-57ba
24
vulnerability VCID-qkq6-n1ds-x7e5
25
vulnerability VCID-u9b2-qx2j-c7by
26
vulnerability VCID-ueh5-fv4d-a7a8
27
vulnerability VCID-uk9u-nn9a-4yes
28
vulnerability VCID-wnj6-hc4g-ykfs
29
vulnerability VCID-yjn6-17qx-9ubc
30
vulnerability VCID-yrjg-2aw9-effx
31
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8.rc1
aliases CVE-2015-7499, GHSA-jxjr-5h69-qw3w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fn1n-adz5-5fcy
17
url VCID-ft4s-195a-8fcf
vulnerability_id VCID-ft4s-195a-8fcf
summary 
Improper Input Validation
In `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13118
reference_id
reference_type
scores
0
value 0.01008
scoring_system epss
scoring_elements 0.77436
published_at 2026-06-05T12:55:00Z
1
value 0.01008
scoring_system epss
scoring_elements 0.77408
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13118
3
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118
5
reference_url http://seclists.org/fulldisclosure/2019/Aug/11
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Aug/11
6
reference_url http://seclists.org/fulldisclosure/2019/Aug/13
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Aug/13
7
reference_url http://seclists.org/fulldisclosure/2019/Aug/14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Aug/14
8
reference_url http://seclists.org/fulldisclosure/2019/Aug/15
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Aug/15
9
reference_url http://seclists.org/fulldisclosure/2019/Jul/22
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/22
10
reference_url http://seclists.org/fulldisclosure/2019/Jul/23
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/23
11
reference_url http://seclists.org/fulldisclosure/2019/Jul/24
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/24
12
reference_url http://seclists.org/fulldisclosure/2019/Jul/26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/26
13
reference_url http://seclists.org/fulldisclosure/2019/Jul/31
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/31
14
reference_url http://seclists.org/fulldisclosure/2019/Jul/37
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/37
15
reference_url http://seclists.org/fulldisclosure/2019/Jul/38
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/38
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796
18
reference_url https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e
19
reference_url https://github.com/sparklemotion/nokogiri/issues/1943
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1943
20
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5
21
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
22
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
24
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
26
reference_url https://oss-fuzz.com/testcase-detail/5197371471822848
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://oss-fuzz.com/testcase-detail/5197371471822848
27
reference_url https://seclists.org/bugtraq/2019/Aug/21
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Aug/21
28
reference_url https://seclists.org/bugtraq/2019/Aug/22
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Aug/22
29
reference_url https://seclists.org/bugtraq/2019/Aug/23
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Aug/23
30
reference_url https://seclists.org/bugtraq/2019/Aug/25
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Aug/25
31
reference_url https://seclists.org/bugtraq/2019/Jul/35
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/35
32
reference_url https://seclists.org/bugtraq/2019/Jul/36
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/36
33
reference_url https://seclists.org/bugtraq/2019/Jul/37
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/37
34
reference_url https://seclists.org/bugtraq/2019/Jul/40
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/40
35
reference_url https://seclists.org/bugtraq/2019/Jul/41
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/41
36
reference_url https://seclists.org/bugtraq/2019/Jul/42
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/42
37
reference_url https://security.netapp.com/advisory/ntap-20190806-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190806-0004
38
reference_url https://security.netapp.com/advisory/ntap-20200122-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200122-0003
39
reference_url https://support.apple.com/kb/HT210346
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210346
40
reference_url https://support.apple.com/kb/HT210348
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210348
41
reference_url https://support.apple.com/kb/HT210351
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210351
42
reference_url https://support.apple.com/kb/HT210353
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210353
43
reference_url https://support.apple.com/kb/HT210356
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210356
44
reference_url https://support.apple.com/kb/HT210357
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210357
45
reference_url https://support.apple.com/kb/HT210358
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210358
46
reference_url https://usn.ubuntu.com/4164-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4164-1
47
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://www.oracle.com/security-alerts/cpujan2020.html
48
reference_url http://www.openwall.com/lists/oss-security/2019/11/17/2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://www.openwall.com/lists/oss-security/2019/11/17/2
49
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728541
reference_id 1728541
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728541
50
reference_url https://usn.ubuntu.com/4164-1/
reference_id 4164-1
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://usn.ubuntu.com/4164-1/
51
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320
reference_id 931320
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320
52
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13118
reference_id CVE-2019-13118
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13118
53
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
reference_id IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
54
reference_url https://security.netapp.com/advisory/ntap-20190806-0004/
reference_id ntap-20190806-0004
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://security.netapp.com/advisory/ntap-20190806-0004/
55
reference_url https://security.netapp.com/advisory/ntap-20200122-0003/
reference_id ntap-20200122-0003
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://security.netapp.com/advisory/ntap-20200122-0003/
56
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
57
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
fixed_packages
0
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-6t8y-27ba-cfa2
3
vulnerability VCID-chdv-jk6d-uuga
4
vulnerability VCID-d13x-y75t-2ugx
5
vulnerability VCID-e8w6-ax3x-wqan
6
vulnerability VCID-jxz3-ug52-cuhn
7
vulnerability VCID-nuzy-ruzb-dke6
8
vulnerability VCID-p6m6-7kgc-y3g8
9
vulnerability VCID-pb6j-zdqw-g7cj
10
vulnerability VCID-pr2j-1118-hqaa
11
vulnerability VCID-q3td-7t4g-57ba
12
vulnerability VCID-qkq6-n1ds-x7e5
13
vulnerability VCID-wnj6-hc4g-ykfs
14
vulnerability VCID-yjn6-17qx-9ubc
15
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-13118, GHSA-cf46-6xxh-pc75
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ft4s-195a-8fcf
18
url VCID-gdgu-7d3a-uygr
vulnerability_id VCID-gdgu-7d3a-uygr
summary 
Vulnerabilities in libxml2
The version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. (CVE-2017-7375) It was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-7376) Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-9047) Marcel Böhme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service. (CVE-2017-9048) Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. (CVE-2017-9049, CVE-2017-9050)
references
0
reference_url https://github.com/sparklemotion/nokogiri/issues/1673
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/issues/1673
fixed_packages
0
url pkg:gem/nokogiri@1.8.1
purl pkg:gem/nokogiri@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-akrb-6bu8-nqfq
5
vulnerability VCID-chdv-jk6d-uuga
6
vulnerability VCID-d13x-y75t-2ugx
7
vulnerability VCID-e8w6-ax3x-wqan
8
vulnerability VCID-ft4s-195a-8fcf
9
vulnerability VCID-gwrv-agck-yuex
10
vulnerability VCID-j98t-paam-97ec
11
vulnerability VCID-jvd7-7jes-4ffn
12
vulnerability VCID-jxz3-ug52-cuhn
13
vulnerability VCID-nuzy-ruzb-dke6
14
vulnerability VCID-p6m6-7kgc-y3g8
15
vulnerability VCID-pb6j-zdqw-g7cj
16
vulnerability VCID-pr2j-1118-hqaa
17
vulnerability VCID-q3td-7t4g-57ba
18
vulnerability VCID-qkq6-n1ds-x7e5
19
vulnerability VCID-u9b2-qx2j-c7by
20
vulnerability VCID-ueh5-fv4d-a7a8
21
vulnerability VCID-uk9u-nn9a-4yes
22
vulnerability VCID-wnj6-hc4g-ykfs
23
vulnerability VCID-yjn6-17qx-9ubc
24
vulnerability VCID-yrjg-2aw9-effx
25
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.1
aliases USN-3424-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdgu-7d3a-uygr
19
url VCID-gwrv-agck-yuex
vulnerability_id VCID-gwrv-agck-yuex
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In the Loofah gem for Ruby, denylisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8048.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8048.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8048
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.722
published_at 2026-06-05T12:55:00Z
1
value 0.00689
scoring_system epss
scoring_elements 0.72159
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8048
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-x7rv-cr6v-4vm4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-x7rv-cr6v-4vm4
5
reference_url https://github.com/flavorjones/loofah
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/flavorjones/loofah
6
reference_url https://github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116
7
reference_url https://github.com/flavorjones/loofah/issues/144
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/flavorjones/loofah/issues/144
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.yml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.yml
10
reference_url https://github.com/sparklemotion/nokogiri/pull/1746
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/pull/1746
11
reference_url https://security.netapp.com/advisory/ntap-20191122-0003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191122-0003
12
reference_url https://security.netapp.com/advisory/ntap-20191122-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191122-0003/
13
reference_url https://www.debian.org/security/2018/dsa-4171
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4171
14
reference_url http://www.openwall.com/lists/oss-security/2018/03/19/5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2018/03/19/5
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1559071
reference_id 1559071
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1559071
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596
reference_id 893596
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8048
reference_id CVE-2018-8048
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8048
fixed_packages
0
url pkg:gem/nokogiri@1.8.3
purl pkg:gem/nokogiri@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-akrb-6bu8-nqfq
5
vulnerability VCID-chdv-jk6d-uuga
6
vulnerability VCID-d13x-y75t-2ugx
7
vulnerability VCID-e8w6-ax3x-wqan
8
vulnerability VCID-ft4s-195a-8fcf
9
vulnerability VCID-jvd7-7jes-4ffn
10
vulnerability VCID-jxz3-ug52-cuhn
11
vulnerability VCID-nuzy-ruzb-dke6
12
vulnerability VCID-p6m6-7kgc-y3g8
13
vulnerability VCID-pb6j-zdqw-g7cj
14
vulnerability VCID-pr2j-1118-hqaa
15
vulnerability VCID-q3td-7t4g-57ba
16
vulnerability VCID-qkq6-n1ds-x7e5
17
vulnerability VCID-u9b2-qx2j-c7by
18
vulnerability VCID-uk9u-nn9a-4yes
19
vulnerability VCID-wnj6-hc4g-ykfs
20
vulnerability VCID-yjn6-17qx-9ubc
21
vulnerability VCID-yrjg-2aw9-effx
22
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.3
aliases CVE-2018-8048, GHSA-x7rv-cr6v-4vm4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwrv-agck-yuex
20
url VCID-j98t-paam-97ec
vulnerability_id VCID-j98t-paam-97ec
summary 
Allocation of Resources Without Limits or Throttling
The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18258
reference_id
reference_type
scores
0
value 0.00898
scoring_system epss
scoring_elements 0.76045
published_at 2026-06-05T12:55:00Z
1
value 0.00898
scoring_system epss
scoring_elements 0.7602
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18258
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml
6
reference_url https://kc.mcafee.com/corporate/index?page=content&id=SB10284
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://kc.mcafee.com/corporate/index?page=content&id=SB10284
7
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
8
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20190719-0001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190719-0001
10
reference_url https://security.netapp.com/advisory/ntap-20190719-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190719-0001/
11
reference_url https://usn.ubuntu.com/3739-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-1
12
reference_url https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3739-1/
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566749
reference_id 1566749
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566749
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245
reference_id 895245
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245
15
reference_url https://security.archlinux.org/AVG-671
reference_id AVG-671
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-671
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18258
reference_id CVE-2017-18258
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18258
17
reference_url https://github.com/advisories/GHSA-882p-jqgm-f45g
reference_id GHSA-882p-jqgm-f45g
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-882p-jqgm-f45g
18
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
fixed_packages
0
url pkg:gem/nokogiri@1.8.2
purl pkg:gem/nokogiri@1.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-akrb-6bu8-nqfq
5
vulnerability VCID-chdv-jk6d-uuga
6
vulnerability VCID-d13x-y75t-2ugx
7
vulnerability VCID-e8w6-ax3x-wqan
8
vulnerability VCID-ft4s-195a-8fcf
9
vulnerability VCID-gwrv-agck-yuex
10
vulnerability VCID-jvd7-7jes-4ffn
11
vulnerability VCID-jxz3-ug52-cuhn
12
vulnerability VCID-nuzy-ruzb-dke6
13
vulnerability VCID-p6m6-7kgc-y3g8
14
vulnerability VCID-pb6j-zdqw-g7cj
15
vulnerability VCID-pr2j-1118-hqaa
16
vulnerability VCID-q3td-7t4g-57ba
17
vulnerability VCID-qkq6-n1ds-x7e5
18
vulnerability VCID-u9b2-qx2j-c7by
19
vulnerability VCID-uk9u-nn9a-4yes
20
vulnerability VCID-wnj6-hc4g-ykfs
21
vulnerability VCID-yjn6-17qx-9ubc
22
vulnerability VCID-yrjg-2aw9-effx
23
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.2
aliases CVE-2017-18258, GHSA-882p-jqgm-f45g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j98t-paam-97ec
21
url VCID-jvd7-7jes-4ffn
vulnerability_id VCID-jvd7-7jes-4ffn
summary 
Bypass of a protection mechanism in libxslt
The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11068
reference_id
reference_type
scores
0
value 0.01133
scoring_system epss
scoring_elements 0.78684
published_at 2026-06-04T12:55:00Z
1
value 0.01133
scoring_system epss
scoring_elements 0.7871
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11068
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml
10
reference_url https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826
11
reference_url https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9
12
reference_url https://github.com/sparklemotion/nokogiri/issues/1892
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1892
13
reference_url https://github.com/sparklemotion/nokogiri/pull/1898
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/pull/1898
14
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
15
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
22
reference_url https://security.netapp.com/advisory/ntap-20191017-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191017-0001
23
reference_url https://usn.ubuntu.com/3947-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3947-1
24
reference_url https://usn.ubuntu.com/3947-2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3947-2
25
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
26
reference_url http://www.openwall.com/lists/oss-security/2019/04/22/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url http://www.openwall.com/lists/oss-security/2019/04/22/1
27
reference_url http://www.openwall.com/lists/oss-security/2019/04/23/5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url http://www.openwall.com/lists/oss-security/2019/04/23/5
28
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1709697
reference_id 1709697
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1709697
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
reference_id 36TEYN37XCCKN2XUMRTBBW67BPNMSW4K
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
30
reference_url https://usn.ubuntu.com/3947-1/
reference_id 3947-1
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url https://usn.ubuntu.com/3947-1/
31
reference_url https://usn.ubuntu.com/3947-2/
reference_id 3947-2
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url https://usn.ubuntu.com/3947-2/
32
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895
reference_id 926895
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11068
reference_id CVE-2019-11068
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11068
34
reference_url https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068
reference_id CVE-2019-11068
reference_type
scores
url https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068
35
reference_url https://security-tracker.debian.org/tracker/CVE-2019-11068
reference_id CVE-2019-11068
reference_type
scores
url https://security-tracker.debian.org/tracker/CVE-2019-11068
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
reference_id GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
37
reference_url https://github.com/advisories/GHSA-qxcg-xjjg-66mj
reference_id GHSA-qxcg-xjjg-66mj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qxcg-xjjg-66mj
38
reference_url https://security.netapp.com/advisory/ntap-20191017-0001/
reference_id ntap-20191017-0001
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url https://security.netapp.com/advisory/ntap-20191017-0001/
39
reference_url https://access.redhat.com/errata/RHSA-2020:4005
reference_id RHSA-2020:4005
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4005
40
reference_url https://access.redhat.com/errata/RHSA-2020:4464
reference_id RHSA-2020:4464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4464
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
reference_id SK4YNISS22MJY22YX5I6V2U63QZAUEHA
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
fixed_packages
0
url pkg:gem/nokogiri@1.10.3
purl pkg:gem/nokogiri@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-chdv-jk6d-uuga
5
vulnerability VCID-d13x-y75t-2ugx
6
vulnerability VCID-e8w6-ax3x-wqan
7
vulnerability VCID-ft4s-195a-8fcf
8
vulnerability VCID-jxz3-ug52-cuhn
9
vulnerability VCID-nuzy-ruzb-dke6
10
vulnerability VCID-p6m6-7kgc-y3g8
11
vulnerability VCID-pb6j-zdqw-g7cj
12
vulnerability VCID-pr2j-1118-hqaa
13
vulnerability VCID-q3td-7t4g-57ba
14
vulnerability VCID-qkq6-n1ds-x7e5
15
vulnerability VCID-u9b2-qx2j-c7by
16
vulnerability VCID-uk9u-nn9a-4yes
17
vulnerability VCID-wnj6-hc4g-ykfs
18
vulnerability VCID-yjn6-17qx-9ubc
19
vulnerability VCID-yrjg-2aw9-effx
20
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.3
1
url pkg:gem/nokogiri@1.10.4
purl pkg:gem/nokogiri@1.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-chdv-jk6d-uuga
5
vulnerability VCID-d13x-y75t-2ugx
6
vulnerability VCID-e8w6-ax3x-wqan
7
vulnerability VCID-jxz3-ug52-cuhn
8
vulnerability VCID-nuzy-ruzb-dke6
9
vulnerability VCID-p6m6-7kgc-y3g8
10
vulnerability VCID-pb6j-zdqw-g7cj
11
vulnerability VCID-pr2j-1118-hqaa
12
vulnerability VCID-q3td-7t4g-57ba
13
vulnerability VCID-qkq6-n1ds-x7e5
14
vulnerability VCID-uk9u-nn9a-4yes
15
vulnerability VCID-wnj6-hc4g-ykfs
16
vulnerability VCID-yjn6-17qx-9ubc
17
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4
aliases CVE-2019-11068, GHSA-qxcg-xjjg-66mj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvd7-7jes-4ffn
22
url VCID-jxz3-ug52-cuhn
vulnerability_id VCID-jxz3-ug52-cuhn
summary 
libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Nokogiri has backported the patch for CVE-2020-7595 into its vendored version
of libxml2, and released this as v1.10.8

CVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and
so Nokogiri versions <= v1.10.7 are vulnerable.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7595
reference_id
reference_type
scores
0
value 0.00476
scoring_system epss
scoring_elements 0.65285
published_at 2026-06-05T12:55:00Z
1
value 0.00476
scoring_system epss
scoring_elements 0.65244
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7595
3
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml
7
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
8
reference_url https://github.com/sparklemotion/nokogiri/issues/1992
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1992
9
reference_url https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
10
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
17
reference_url https://security.gentoo.org/glsa/202010-04
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://security.gentoo.org/glsa/202010-04
18
reference_url https://security.netapp.com/advisory/ntap-20200702-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200702-0005
19
reference_url https://security.netapp.com/advisory/ntap-20200702-0005/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://security.netapp.com/advisory/ntap-20200702-0005/
20
reference_url https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
21
reference_url https://usn.ubuntu.com/4274-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4274-1
22
reference_url https://usn.ubuntu.com/4274-1/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://usn.ubuntu.com/4274-1/
23
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
24
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpujul2020.html
25
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
26
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1799786
reference_id 1799786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1799786
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
reference_id 545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
reference_id 5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
30
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582
reference_id 949582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582
31
reference_url https://security.archlinux.org/ASA-202011-15
reference_id ASA-202011-15
reference_type
scores
url https://security.archlinux.org/ASA-202011-15
32
reference_url https://security.archlinux.org/AVG-1263
reference_id AVG-1263
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1263
33
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7595
reference_id CVE-2020-7595
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7595
34
reference_url https://github.com/advisories/GHSA-7553-jr98-vx47
reference_id GHSA-7553-jr98-vx47
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7553-jr98-vx47
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
reference_id JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
36
reference_url https://access.redhat.com/errata/RHSA-2020:2644
reference_id RHSA-2020:2644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2644
37
reference_url https://access.redhat.com/errata/RHSA-2020:2646
reference_id RHSA-2020:2646
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2646
38
reference_url https://access.redhat.com/errata/RHSA-2020:3996
reference_id RHSA-2020:3996
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3996
39
reference_url https://access.redhat.com/errata/RHSA-2020:4479
reference_id RHSA-2020:4479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4479
40
reference_url https://access.redhat.com/errata/RHSA-2021:0949
reference_id RHSA-2021:0949
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0949
fixed_packages
0
url pkg:gem/nokogiri@1.10.8
purl pkg:gem/nokogiri@1.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-6t8y-27ba-cfa2
3
vulnerability VCID-chdv-jk6d-uuga
4
vulnerability VCID-d13x-y75t-2ugx
5
vulnerability VCID-e8w6-ax3x-wqan
6
vulnerability VCID-nuzy-ruzb-dke6
7
vulnerability VCID-p6m6-7kgc-y3g8
8
vulnerability VCID-pb6j-zdqw-g7cj
9
vulnerability VCID-pr2j-1118-hqaa
10
vulnerability VCID-q3td-7t4g-57ba
11
vulnerability VCID-qkq6-n1ds-x7e5
12
vulnerability VCID-wnj6-hc4g-ykfs
13
vulnerability VCID-yjn6-17qx-9ubc
14
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.8
aliases CVE-2020-7595, GHSA-7553-jr98-vx47
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxz3-ug52-cuhn
23
url VCID-m91c-mfu9-bbbh
vulnerability_id VCID-m91c-mfu9-bbbh
summary 
Loop with Unreachable Exit Condition ('Infinite Loop')
parser.c in libxml2 does not prevent infinite recursion in parameter entities.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16932
reference_id
reference_type
scores
0
value 0.21755
scoring_system epss
scoring_elements 0.95853
published_at 2026-06-05T12:55:00Z
1
value 0.21755
scoring_system epss
scoring_elements 0.95849
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16932
2
reference_url https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
3
reference_url https://bugzilla.gnome.org/show_bug.cgi?id=759579
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://bugzilla.gnome.org/show_bug.cgi?id=759579
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml
8
reference_url https://github.com/sparklemotion/nokogiri/issues/1714
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1714
9
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
11
reference_url https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
12
reference_url https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
13
reference_url https://usn.ubuntu.com/3739-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-1
14
reference_url https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://usn.ubuntu.com/3739-1/
15
reference_url https://usn.ubuntu.com/usn/usn-3504-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/usn/usn-3504-1/
16
reference_url http://xmlsoft.org/news.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url http://xmlsoft.org/news.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1517316
reference_id 1517316
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1517316
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613
reference_id 882613
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613
19
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
reference_id 899a5d9f0ed13b8e32449a08a361e0de127dd961
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16932
reference_id CVE-2017-16932
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16932
21
reference_url https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html
reference_id CVE-2017-16932.HTML
reference_type
scores
url https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html
22
reference_url https://github.com/advisories/GHSA-x2fm-93ww-ggvx
reference_id GHSA-x2fm-93ww-ggvx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2fm-93ww-ggvx
23
reference_url https://usn.ubuntu.com/3504-1/
reference_id USN-3504-1
reference_type
scores
url https://usn.ubuntu.com/3504-1/
24
reference_url https://usn.ubuntu.com/3504-2/
reference_id USN-3504-2
reference_type
scores
url https://usn.ubuntu.com/3504-2/
fixed_packages
0
url pkg:gem/nokogiri@1.8.1
purl pkg:gem/nokogiri@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-akrb-6bu8-nqfq
5
vulnerability VCID-chdv-jk6d-uuga
6
vulnerability VCID-d13x-y75t-2ugx
7
vulnerability VCID-e8w6-ax3x-wqan
8
vulnerability VCID-ft4s-195a-8fcf
9
vulnerability VCID-gwrv-agck-yuex
10
vulnerability VCID-j98t-paam-97ec
11
vulnerability VCID-jvd7-7jes-4ffn
12
vulnerability VCID-jxz3-ug52-cuhn
13
vulnerability VCID-nuzy-ruzb-dke6
14
vulnerability VCID-p6m6-7kgc-y3g8
15
vulnerability VCID-pb6j-zdqw-g7cj
16
vulnerability VCID-pr2j-1118-hqaa
17
vulnerability VCID-q3td-7t4g-57ba
18
vulnerability VCID-qkq6-n1ds-x7e5
19
vulnerability VCID-u9b2-qx2j-c7by
20
vulnerability VCID-ueh5-fv4d-a7a8
21
vulnerability VCID-uk9u-nn9a-4yes
22
vulnerability VCID-wnj6-hc4g-ykfs
23
vulnerability VCID-yjn6-17qx-9ubc
24
vulnerability VCID-yrjg-2aw9-effx
25
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.1
aliases CVE-2017-16932, GHSA-x2fm-93ww-ggvx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m91c-mfu9-bbbh
24
url VCID-nuzy-ruzb-dke6
vulnerability_id VCID-nuzy-ruzb-dke6
summary 
Update packaged dependency libxml2 from 2.9.10 to 2.9.12
### Summary

Nokogiri v1.11.4 updates the vendored libxml2 from v2.9.10 to v2.9.12 which addresses:

- [CVE-2019-20388](https://security.archlinux.org/CVE-2019-20388) (Medium severity)
- [CVE-2020-24977](https://security.archlinux.org/CVE-2020-24977) (Medium severity)
- [CVE-2021-3517](https://security.archlinux.org/CVE-2021-3517) (Medium severity)
- [CVE-2021-3518](https://security.archlinux.org/CVE-2021-3518) (Medium severity)
- [CVE-2021-3537](https://security.archlinux.org/CVE-2021-3537) (Low severity)
- [CVE-2021-3541](https://security.archlinux.org/CVE-2021-3541) (Low severity)

Note that two additional CVEs were addressed upstream but are not relevant to this release. [CVE-2021-3516](https://security.archlinux.org/CVE-2021-3516) via `xmllint` is not present in Nokogiri, and [CVE-2020-7595](https://security.archlinux.org/CVE-2020-7595) has been patched in Nokogiri since v1.10.8 (see #1992).

Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.11.4`, and only if the packaged version of libxml2 is being used. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements.


### Mitigation

Upgrade to Nokogiri `>= 1.11.4`.


### Impact

I've done a brief analysis of the published CVEs that are addressed in this upstream release. The libxml2 maintainers have not released a canonical set of CVEs, and so this list is pieced together from secondary sources and may be incomplete.

All information below is sourced from [security.archlinux.org](https://security.archlinux.org), which appears to have the most up-to-date information as of this analysis.

#### [CVE-2019-20388](https://security.archlinux.org/CVE-2019-20388)

- **Severity**: Medium
- **Type**: Denial of service
- **Description**: A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service.
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4.


#### [CVE-2020-7595](https://security.archlinux.org/CVE-2020-7595)

- **Severity**: Medium
- **Type**: Denial of service
- **Description**: xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5

This has been patched in Nokogiri since v1.10.8 (see #1992).


#### [CVE-2020-24977](https://security.archlinux.org/CVE-2020-24977)

- **Severity**: Medium
- **Type**: Information disclosure
- **Description**: GNOME project libxml2 <= 2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4.


#### [CVE-2021-3516](https://security.archlinux.org/CVE-2021-3516)

- **Severity**: Medium
- **Type**: Arbitrary code execution (no remote vector)
- **Description**: A use-after-free security issue was found libxml2 before version 2.9.11 when "xmllint --html --push" is used to process crafted files.
- **Issue**: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539

Verified that the fix commit first appears in v2.9.11. This vector does not exist within Nokogiri, which does not ship `xmllint`.


#### [CVE-2021-3517](https://security.archlinux.org/CVE-2021-3517)

- **Severity**: Medium
- **Type**: Arbitrary code execution
- **Description**: A heap-based buffer overflow was found in libxml2 before version 2.9.11 when processing truncated UTF-8 input.
- **Issue**: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4.


#### [CVE-2021-3518](https://security.archlinux.org/CVE-2021-3518)

- **Severity**: Medium
- **Type**: Arbitrary code execution
- **Description**: A use-after-free security issue was found in libxml2 before version 2.9.11 in xmlXIncludeDoProcess() in xinclude.c when processing crafted files.
- **Issue**: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4.


#### [CVE-2021-3537](https://security.archlinux.org/CVE-2021-3537)

- **Severity**: Low
- **Type**: Denial of service
- **Description**: It was found that libxml2 before version 2.9.11 did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application.
- **Issue**: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4.


#### [CVE-2021-3541](https://security.archlinux.org/CVE-2021-3541)

- **Severity**: Low
- **Type**: Denial of service
- **Description**: A security issue was found in libxml2 before version 2.9.11. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4, however Nokogiri's default parse options prevent the attack from succeeding (it is necessary to opt into `DTDLOAD` which is off by default).

For more details supporting this analysis of this CVE, please visit #2233.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/commit/9b90a8854f74b5f672a437ba0043a503bc259d1b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/9b90a8854f74b5f672a437ba0043a503bc259d1b
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
3
reference_url https://github.com/advisories/GHSA-7rrm-v45f-jp64
reference_id GHSA-7rrm-v45f-jp64
reference_type
scores
url https://github.com/advisories/GHSA-7rrm-v45f-jp64
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-p6m6-7kgc-y3g8
3
vulnerability VCID-pb6j-zdqw-g7cj
4
vulnerability VCID-pr2j-1118-hqaa
5
vulnerability VCID-q3td-7t4g-57ba
6
vulnerability VCID-qkq6-n1ds-x7e5
7
vulnerability VCID-wnj6-hc4g-ykfs
8
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases GHSA-7rrm-v45f-jp64, GMS-2021-171
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nuzy-ruzb-dke6
25
url VCID-p6m6-7kgc-y3g8
vulnerability_id VCID-p6m6-7kgc-y3g8
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/discussions/3146
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/discussions/3146
2
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25062
reference_id CVE-2024-25062
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25062
6
reference_url https://github.com/advisories/GHSA-xc9x-jj77-9p9j
reference_id GHSA-xc9x-jj77-9p9j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xc9x-jj77-9p9j
7
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
reference_id GHSA-xc9x-jj77-9p9j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml
reference_id GHSA-xc9x-jj77-9p9j.yml
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml
fixed_packages
0
url pkg:gem/nokogiri@1.15.6
purl pkg:gem/nokogiri@1.15.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-pb6j-zdqw-g7cj
3
vulnerability VCID-q3td-7t4g-57ba
4
vulnerability VCID-wnj6-hc4g-ykfs
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.15.6
1
url pkg:gem/nokogiri@1.16.0.rc1
purl pkg:gem/nokogiri@1.16.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-p6m6-7kgc-y3g8
3
vulnerability VCID-pb6j-zdqw-g7cj
4
vulnerability VCID-q3td-7t4g-57ba
5
vulnerability VCID-wnj6-hc4g-ykfs
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.0.rc1
2
url pkg:gem/nokogiri@1.16.2
purl pkg:gem/nokogiri@1.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-pb6j-zdqw-g7cj
3
vulnerability VCID-q3td-7t4g-57ba
4
vulnerability VCID-wnj6-hc4g-ykfs
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.2
aliases GHSA-xc9x-jj77-9p9j, GMS-2024-127
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6m6-7kgc-y3g8
26
url VCID-pb6j-zdqw-g7cj
vulnerability_id VCID-pb6j-zdqw-g7cj
summary 
Nokogiri patches vendored libxml2 to resolve multiple CVEs
## Summary

Nokogiri v1.18.9 patches the vendored libxml2 to address
CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795,
and CVE-2025-49796.

## Impact and severity

### CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer
overflows in buffer size calculations can lead to a stack-based
buffer overflow. This issue can result in memory corruption or a
denial of service when processing crafted input.

NVD claims a severity of 7.5 High
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae

### CVE-2025-6170

A flaw was found in the interactive shell of the xmllint command-line
tool, used for parsing XML files. When a user inputs an overly long
command, the program does not check the input size properly, which
can cause it to crash. This issue might allow attackers to run
harmful code in rare configurations without modern protections.

NVD claims a severity of 2.5 Low
(CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/5e9ec5c1

### CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue
occurs when parsing XPath elements under certain circumstances when
the XML schematron has the <sch:name path="..."/> schema elements.
This flaw allows a malicious actor to craft a malicious XML document
used as input for libxml, resulting in the program's crash using
libxml or other possible undefined behaviors.

NVD claims a severity of 9.1 Critical
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5

### CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when
processing XPath XML expressions. This flaw allows an attacker to
craft a malicious XML input to libxml2, leading to a denial of service.

NVD claims a severity of 7.5 High
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/62048278

### CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name
elements from the input XML file can trigger a memory corruption
issue. This flaw allows an attacker to craft a malicious XML input
file that can lead libxml to crash, resulting in a denial of service
or other possible undefined behavior due to sensitive data being
corrupted in memory.

NVD claims a severity of 9.1 Critical
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5

## Affected Versions

- Nokogiri < 1.18.9 when using CRuby (MRI) with vendored libxml2

## Patched Versions

- Nokogiri >= 1.18.9

## Mitigation

Upgrade to Nokogiri v1.18.9 or later.

Users who are unable to upgrade Nokogiri may also choose a more
complicated mitigation: compile and link Nokogiri against patched
external libxml2 libraries which will also address these same issues.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/pull/3526
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/pull/3526
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49794
reference_id CVE-2025-49794
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49794
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49795
reference_id CVE-2025-49795
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49795
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49796
reference_id CVE-2025-49796
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49796
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6021
reference_id CVE-2025-6021
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6021
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6170
reference_id CVE-2025-6170
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6170
8
reference_url https://github.com/advisories/GHSA-353f-x4gh-cqq8
reference_id GHSA-353f-x4gh-cqq8
reference_type
scores
url https://github.com/advisories/GHSA-353f-x4gh-cqq8
fixed_packages
0
url pkg:gem/nokogiri@1.18.9
purl pkg:gem/nokogiri@1.18.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d13x-y75t-2ugx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.9
aliases GHSA-353f-x4gh-cqq8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pb6j-zdqw-g7cj
27
url VCID-pr2j-1118-hqaa
vulnerability_id VCID-pr2j-1118-hqaa
summary 
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
### Summary

Nokogiri v1.13.9 upgrades the packaged version of its dependency libxml2 to
[v2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3) from
v2.9.14.

libxml2 v2.10.3 addresses the following known vulnerabilities:

- [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)
- [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)
- [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)

Please note that this advisory only applies to the CRuby implementation of
Nokogiri `< 1.13.9`, and only if the _packaged_ libraries are being used. If
you've overridden defaults at installation time to use _system_ libraries
instead of packaged libraries, you should instead pay attention to your
distro's `libxml2` release announcements.


### Mitigation

Upgrade to Nokogiri `>= 1.13.9`.

Users who are unable to upgrade Nokogiri may also choose a more complicated
mitigation: compile and link Nokogiri against external libraries libxml2
`>= 2.10.3` which will also address these same issues.


### Impact

#### libxml2 [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)

- **CVSS3 score**: Under evaluation
- **Type**: Denial of service
- **Description**: NULL Pointer Dereference allows attackers to cause a denial
of service (or application crash). This only applies when lxml is used
together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not
affected. It allows triggering crashes through forged input data, given a
vulnerable code sequence in the application. The vulnerability is caused by
the iterwalk function (also used by the canonicalize function). Such code
shouldn't be in wide-spread use, given that parsing + iterwalk would usually
be replaced with the more efficient iterparse function. However, an XML
converter that serialises to C14N would also be vulnerable, for example, and
there are legitimate use cases for this code sequence. If untrusted input is
received (also remotely) and processed via iterwalk function, a crash can be
triggered.

Nokogiri maintainers investigated at #2620 and determined this CVE does not
affect Nokogiri users.


#### libxml2 [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)

- **CVSS3 score**: Unspecified upstream
- **Type**: Data corruption, denial of service
- **Description**: When an entity reference cycle is detected, the entity
content is cleared by setting its first byte to zero. But the entity content
might be allocated from a dict. In this case, the dict entry becomes corrupted
leading to all kinds of logic errors, including memory errors like
double-frees.

See https://gitlab.gnome.org/GNOME/libxml2/-/commit/644a89e080bced793295f61f18aac8cfad6bece2


#### libxml2 [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)

- **CVSS3 score**: Unspecified upstream
- **Type**: Integer overflow
- **Description**: Integer overflows with XML_PARSE_HUGE

See https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
2
reference_url https://github.com/advisories/GHSA-2qc6-mcvw-92cw
reference_id GHSA-2qc6-mcvw-92cw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qc6-mcvw-92cw
fixed_packages
0
url pkg:gem/nokogiri@1.13.9
purl pkg:gem/nokogiri@1.13.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-p6m6-7kgc-y3g8
3
vulnerability VCID-pb6j-zdqw-g7cj
4
vulnerability VCID-q3td-7t4g-57ba
5
vulnerability VCID-qhx2-j1jc-cyev
6
vulnerability VCID-wnj6-hc4g-ykfs
7
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.9
aliases GHSA-2qc6-mcvw-92cw, GMS-2022-5550
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pr2j-1118-hqaa
28
url VCID-q3td-7t4g-57ba
vulnerability_id VCID-q3td-7t4g-57ba
summary 
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
## Summary

Nokogiri v1.16.5 upgrades its dependency libxml2 to
[2.12.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7) from 2.12.6.

libxml2 v2.12.7 addresses CVE-2024-34459:

- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53

## Impact

There is no impact to Nokogiri users because the issue is present only
in libxml2's `xmllint` tool which Nokogiri does not provide or expose.

## Timeline

- 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced
- 2024-05-13 08:30 EDT, nokogiri maintainers begin triage
- 2024-05-13 10:05 EDT, nokogiri [v1.16.5 is released](https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5)
  and this GHSA made public
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
5
reference_url https://github.com/advisories/GHSA-r95h-9x8f-r3f7
reference_id GHSA-r95h-9x8f-r3f7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r95h-9x8f-r3f7
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml
reference_id GHSA-r95h-9x8f-r3f7.yml
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml
fixed_packages
0
url pkg:gem/nokogiri@1.16.5
purl pkg:gem/nokogiri@1.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-pb6j-zdqw-g7cj
3
vulnerability VCID-wnj6-hc4g-ykfs
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.5
aliases GHSA-r95h-9x8f-r3f7
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3td-7t4g-57ba
29
url VCID-qkq6-n1ds-x7e5
vulnerability_id VCID-qkq6-n1ds-x7e5
summary 
Inefficient Regular Expression Complexity
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24836
reference_id
reference_type
scores
0
value 0.01827
scoring_system epss
scoring_elements 0.83241
published_at 2026-06-04T12:55:00Z
1
value 0.01827
scoring_system epss
scoring_elements 0.83267
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24836
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836
3
reference_url http://seclists.org/fulldisclosure/2022/Dec/23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2022/Dec/23
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
8
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
9
reference_url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
10
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
11
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
18
reference_url https://security.gentoo.org/glsa/202208-29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-29
19
reference_url https://support.apple.com/kb/HT213532
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT213532
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787
reference_id 1009787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2074346
reference_id 2074346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2074346
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24836
reference_id CVE-2022-24836
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24836
23
reference_url https://github.com/advisories/GHSA-crjr-9rc5-ghw8
reference_id GHSA-crjr-9rc5-ghw8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crjr-9rc5-ghw8
24
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
reference_id GHSA-crjr-9rc5-ghw8
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
25
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
fixed_packages
0
url pkg:gem/nokogiri@1.13.4
purl pkg:gem/nokogiri@1.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-p6m6-7kgc-y3g8
3
vulnerability VCID-pb6j-zdqw-g7cj
4
vulnerability VCID-pr2j-1118-hqaa
5
vulnerability VCID-q3td-7t4g-57ba
6
vulnerability VCID-wnj6-hc4g-ykfs
7
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4
aliases CVE-2022-24836, GHSA-crjr-9rc5-ghw8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qkq6-n1ds-x7e5
30
url VCID-u9b2-qx2j-c7by
vulnerability_id VCID-u9b2-qx2j-c7by
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5815
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29163
published_at 2026-06-04T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29234
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5815
2
reference_url https://bugs.chromium.org/p/chromium/issues/detail?id=930663
reference_id
reference_type
scores
url https://bugs.chromium.org/p/chromium/issues/detail?id=930663
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828
25
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829
26
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830
27
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831
28
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832
29
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833
30
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834
31
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836
32
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837
33
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838
34
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839
35
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840
36
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841
37
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842
38
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843
39
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847
40
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848
41
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849
42
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850
43
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851
44
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852
45
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853
46
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854
47
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855
48
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856
49
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857
50
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858
51
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859
52
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860
53
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861
54
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862
55
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864
56
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865
57
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867
58
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868
59
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503
60
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504
61
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml
62
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
63
reference_url https://github.com/sparklemotion/nokogiri/issues/2630
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/2630
64
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b
65
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html
66
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1702905
reference_id 1702905
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1702905
67
reference_url https://security.archlinux.org/ASA-201904-12
reference_id ASA-201904-12
reference_type
scores
url https://security.archlinux.org/ASA-201904-12
68
reference_url https://security.archlinux.org/AVG-952
reference_id AVG-952
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-952
69
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5815
reference_id CVE-2019-5815
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5815
70
reference_url https://security.gentoo.org/glsa/201908-18
reference_id GLSA-201908-18
reference_type
scores
url https://security.gentoo.org/glsa/201908-18
71
reference_url https://access.redhat.com/errata/RHSA-2019:1021
reference_id RHSA-2019:1021
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1021
72
reference_url https://usn.ubuntu.com/5575-1/
reference_id USN-5575-1
reference_type
scores
url https://usn.ubuntu.com/5575-1/
73
reference_url https://usn.ubuntu.com/5575-2/
reference_id USN-5575-2
reference_type
scores
url https://usn.ubuntu.com/5575-2/
fixed_packages
0
url pkg:gem/nokogiri@1.10.4
purl pkg:gem/nokogiri@1.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-chdv-jk6d-uuga
5
vulnerability VCID-d13x-y75t-2ugx
6
vulnerability VCID-e8w6-ax3x-wqan
7
vulnerability VCID-jxz3-ug52-cuhn
8
vulnerability VCID-nuzy-ruzb-dke6
9
vulnerability VCID-p6m6-7kgc-y3g8
10
vulnerability VCID-pb6j-zdqw-g7cj
11
vulnerability VCID-pr2j-1118-hqaa
12
vulnerability VCID-q3td-7t4g-57ba
13
vulnerability VCID-qkq6-n1ds-x7e5
14
vulnerability VCID-uk9u-nn9a-4yes
15
vulnerability VCID-wnj6-hc4g-ykfs
16
vulnerability VCID-yjn6-17qx-9ubc
17
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4
1
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-6t8y-27ba-cfa2
3
vulnerability VCID-chdv-jk6d-uuga
4
vulnerability VCID-d13x-y75t-2ugx
5
vulnerability VCID-e8w6-ax3x-wqan
6
vulnerability VCID-jxz3-ug52-cuhn
7
vulnerability VCID-nuzy-ruzb-dke6
8
vulnerability VCID-p6m6-7kgc-y3g8
9
vulnerability VCID-pb6j-zdqw-g7cj
10
vulnerability VCID-pr2j-1118-hqaa
11
vulnerability VCID-q3td-7t4g-57ba
12
vulnerability VCID-qkq6-n1ds-x7e5
13
vulnerability VCID-wnj6-hc4g-ykfs
14
vulnerability VCID-yjn6-17qx-9ubc
15
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-5815, GHSA-vmfx-gcfq-wvm2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9b2-qx2j-c7by
31
url VCID-ueh5-fv4d-a7a8
vulnerability_id VCID-ueh5-fv4d-a7a8
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15412
reference_id
reference_type
scores
0
value 0.02535
scoring_system epss
scoring_elements 0.85726
published_at 2026-06-04T12:55:00Z
1
value 0.02535
scoring_system epss
scoring_elements 0.85748
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15412
2
reference_url https://bugzilla.gnome.org/show_bug.cgi?id=783160
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.gnome.org/show_bug.cgi?id=783160
3
reference_url https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
4
reference_url https://crbug.com/727039
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://crbug.com/727039
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml
8
reference_url https://github.com/sparklemotion/nokogiri/issues/1714
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1714
9
reference_url https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
10
reference_url https://security.gentoo.org/glsa/201801-03
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201801-03
11
reference_url https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348
12
reference_url https://www.debian.org/security/2018/dsa-4086
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4086
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1523128
reference_id 1523128
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1523128
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790
reference_id 883790
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790
15
reference_url https://security.archlinux.org/ASA-201712-5
reference_id ASA-201712-5
reference_type
scores
url https://security.archlinux.org/ASA-201712-5
16
reference_url https://security.archlinux.org/AVG-544
reference_id AVG-544
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-544
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15412
reference_id CVE-2017-15412
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15412
18
reference_url https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html
reference_id CVE-2017-15412.HTML
reference_type
scores
url https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html
19
reference_url https://access.redhat.com/errata/RHSA-2017:3401
reference_id RHSA-2017:3401
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3401
20
reference_url https://access.redhat.com/errata/RHSA-2018:0287
reference_id RHSA-2018:0287
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0287
21
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
22
reference_url https://usn.ubuntu.com/3513-1/
reference_id USN-3513-1
reference_type
scores
url https://usn.ubuntu.com/3513-1/
23
reference_url https://usn.ubuntu.com/3513-2/
reference_id USN-3513-2
reference_type
scores
url https://usn.ubuntu.com/3513-2/
fixed_packages
0
url pkg:gem/nokogiri@1.8.2
purl pkg:gem/nokogiri@1.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-akrb-6bu8-nqfq
5
vulnerability VCID-chdv-jk6d-uuga
6
vulnerability VCID-d13x-y75t-2ugx
7
vulnerability VCID-e8w6-ax3x-wqan
8
vulnerability VCID-ft4s-195a-8fcf
9
vulnerability VCID-gwrv-agck-yuex
10
vulnerability VCID-jvd7-7jes-4ffn
11
vulnerability VCID-jxz3-ug52-cuhn
12
vulnerability VCID-nuzy-ruzb-dke6
13
vulnerability VCID-p6m6-7kgc-y3g8
14
vulnerability VCID-pb6j-zdqw-g7cj
15
vulnerability VCID-pr2j-1118-hqaa
16
vulnerability VCID-q3td-7t4g-57ba
17
vulnerability VCID-qkq6-n1ds-x7e5
18
vulnerability VCID-u9b2-qx2j-c7by
19
vulnerability VCID-uk9u-nn9a-4yes
20
vulnerability VCID-wnj6-hc4g-ykfs
21
vulnerability VCID-yjn6-17qx-9ubc
22
vulnerability VCID-yrjg-2aw9-effx
23
vulnerability VCID-zx33-nyvt-vbe9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.2
aliases CVE-2017-15412, GHSA-r58r-74gx-6wx3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ueh5-fv4d-a7a8
32
url VCID-uk9u-nn9a-4yes
vulnerability_id VCID-uk9u-nn9a-4yes
summary multiple issues
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18197
reference_id
reference_type
scores
0
value 0.04534
scoring_system epss
scoring_elements 0.89374
published_at 2026-06-05T12:55:00Z
1
value 0.04534
scoring_system epss
scoring_elements 0.89355
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18197
6
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
7
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
8
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml
12
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
13
reference_url https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934
14
reference_url https://github.com/sparklemotion/nokogiri/issues/1943
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1943
15
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
16
reference_url https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
17
reference_url https://security.netapp.com/advisory/ntap-20191031-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191031-0004
18
reference_url https://security.netapp.com/advisory/ntap-20200416-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200416-0004
19
reference_url https://usn.ubuntu.com/4164-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4164-1
20
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://www.oracle.com/security-alerts/cpuapr2020.html
21
reference_url http://www.openwall.com/lists/oss-security/2019/11/17/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url http://www.openwall.com/lists/oss-security/2019/11/17/2
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1770768
reference_id 1770768
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1770768
23
reference_url https://usn.ubuntu.com/4164-1/
reference_id 4164-1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://usn.ubuntu.com/4164-1/
24
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646
reference_id 942646
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646
25
reference_url https://security.archlinux.org/ASA-202002-3
reference_id ASA-202002-3
reference_type
scores
url https://security.archlinux.org/ASA-202002-3
26
reference_url https://security.archlinux.org/AVG-1092
reference_id AVG-1092
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1092
27
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18197
reference_id CVE-2019-18197
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18197
28
reference_url https://security.netapp.com/advisory/ntap-20191031-0004/
reference_id ntap-20191031-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://security.netapp.com/advisory/ntap-20191031-0004/
29
reference_url https://security.netapp.com/advisory/ntap-20200416-0004/
reference_id ntap-20200416-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://security.netapp.com/advisory/ntap-20200416-0004/
30
reference_url https://access.redhat.com/errata/RHSA-2020:0514
reference_id RHSA-2020:0514
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://access.redhat.com/errata/RHSA-2020:0514
31
reference_url https://access.redhat.com/errata/RHSA-2020:4005
reference_id RHSA-2020:4005
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4005
32
reference_url https://access.redhat.com/errata/RHSA-2020:4464
reference_id RHSA-2020:4464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4464
fixed_packages
0
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-6t8y-27ba-cfa2
3
vulnerability VCID-chdv-jk6d-uuga
4
vulnerability VCID-d13x-y75t-2ugx
5
vulnerability VCID-e8w6-ax3x-wqan
6
vulnerability VCID-jxz3-ug52-cuhn
7
vulnerability VCID-nuzy-ruzb-dke6
8
vulnerability VCID-p6m6-7kgc-y3g8
9
vulnerability VCID-pb6j-zdqw-g7cj
10
vulnerability VCID-pr2j-1118-hqaa
11
vulnerability VCID-q3td-7t4g-57ba
12
vulnerability VCID-qkq6-n1ds-x7e5
13
vulnerability VCID-wnj6-hc4g-ykfs
14
vulnerability VCID-yjn6-17qx-9ubc
15
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-18197, GHSA-242x-7cm6-4w8j
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uk9u-nn9a-4yes
33
url VCID-wnj6-hc4g-ykfs
vulnerability_id VCID-wnj6-hc4g-ykfs
summary 
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
## Summary

Nokogiri v1.18.8 upgrades its dependency libxml2 to
[v2.13.8](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8).

libxml2 v2.13.8 addresses:

- CVE-2025-32414
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
- CVE-2025-32415
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890

## Impact

### CVE-2025-32414: No impact

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds
memory access can occur in the Python API (Python bindings) because
of an incorrect return value. This occurs in xmlPythonFileRead and
xmlPythonFileReadRaw because of a difference between bytes and characters.

**There is no impact** from this CVE for Nokogiri users.

### CVE-2025-32415: Low impact

In libxml2 before 2.13.8 and 2.14.x before 2.14.2,
xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer
under-read. To exploit this, a crafted XML document must be validated
against an XML schema with certain identity constraints, or a
crafted XML schema must be used.

In the upstream issue, further context is provided by the maintainer:

> The bug affects validation against untrusted XML Schemas (.xsd)
> and validation of untrusted documents against trusted Schemas if
> they make use of xsd:keyref in combination with recursively
> defined types that have additional identity constraints.

MITRE has published a severity score of 2.9 LOW
(CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) for this CVE.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc
2
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8
5
reference_url https://github.com/advisories/GHSA-5w6v-399v-w3cc
reference_id GHSA-5w6v-399v-w3cc
reference_type
scores
url https://github.com/advisories/GHSA-5w6v-399v-w3cc
fixed_packages
0
url pkg:gem/nokogiri@1.18.8
purl pkg:gem/nokogiri@1.18.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d13x-y75t-2ugx
1
vulnerability VCID-pb6j-zdqw-g7cj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.8
aliases GHSA-5w6v-399v-w3cc
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnj6-hc4g-ykfs
34
url VCID-yjn6-17qx-9ubc
vulnerability_id VCID-yjn6-17qx-9ubc
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3518
reference_id
reference_type
scores
0
value 0.0025
scoring_system epss
scoring_elements 0.48575
published_at 2026-06-04T12:55:00Z
1
value 0.0025
scoring_system epss
scoring_elements 0.48638
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3518
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1954242
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1954242
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
4
reference_url http://seclists.org/fulldisclosure/2021/Jul/54
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Jul/54
5
reference_url http://seclists.org/fulldisclosure/2021/Jul/55
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Jul/55
6
reference_url http://seclists.org/fulldisclosure/2021/Jul/58
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Jul/58
7
reference_url http://seclists.org/fulldisclosure/2021/Jul/59
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Jul/59
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml
10
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
11
reference_url https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722
12
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
14
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
19
reference_url https://nokogiri.org/CHANGELOG.html#1114-2021-05-14
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nokogiri.org/CHANGELOG.html#1114-2021-05-14
20
reference_url https://security.gentoo.org/glsa/202107-05
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-05
21
reference_url https://security.netapp.com/advisory/ntap-20210625-0002
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210625-0002
22
reference_url https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210625-0002/
23
reference_url https://support.apple.com/kb/HT212601
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT212601
24
reference_url https://support.apple.com/kb/HT212602
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT212602
25
reference_url https://support.apple.com/kb/HT212604
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT212604
26
reference_url https://support.apple.com/kb/HT212605
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT212605
27
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
28
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
29
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
30
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737
reference_id 987737
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737
31
reference_url https://security.archlinux.org/AVG-1883
reference_id AVG-1883
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1883
32
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3518
reference_id CVE-2021-3518
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3518
33
reference_url https://github.com/advisories/GHSA-v4f8-2847-rwm7
reference_id GHSA-v4f8-2847-rwm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v4f8-2847-rwm7
34
reference_url https://access.redhat.com/errata/RHSA-2021:2569
reference_id RHSA-2021:2569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2569
35
reference_url https://access.redhat.com/errata/RHSA-2022:1389
reference_id RHSA-2022:1389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1389
36
reference_url https://access.redhat.com/errata/RHSA-2022:1390
reference_id RHSA-2022:1390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1390
37
reference_url https://usn.ubuntu.com/4991-1/
reference_id USN-4991-1
reference_type
scores
url https://usn.ubuntu.com/4991-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-p6m6-7kgc-y3g8
3
vulnerability VCID-pb6j-zdqw-g7cj
4
vulnerability VCID-pr2j-1118-hqaa
5
vulnerability VCID-q3td-7t4g-57ba
6
vulnerability VCID-qkq6-n1ds-x7e5
7
vulnerability VCID-wnj6-hc4g-ykfs
8
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases CVE-2021-3518, GHSA-v4f8-2847-rwm7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yjn6-17qx-9ubc
35
url VCID-yrjg-2aw9-effx
vulnerability_id VCID-yrjg-2aw9-effx
summary 
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
### Summary

Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to [v2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4) from v2.10.3.

libxml2 v2.10.4 addresses the following known vulnerabilities:

- [CVE-2023-29469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469): Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484): Fix null deref in xmlSchemaFixupComplexType
- Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK

Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.14.3`, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements.


### Mitigation

Upgrade to Nokogiri `>= 1.14.3`.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against external libraries libxml2 `>= 2.10.4` which will also address these same issues.


### Impact

No public information has yet been published about the security-related issues other than the upstream commits. Examination of those changesets indicate that the more serious issues relate to libxml2 dereferencing NULL pointers and potentially segfaulting while parsing untrusted inputs.

The commits can be examined at:

- [[CVE-2023-29469] Hashing of empty dict strings isn't deterministic (09a2dd45) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64)
- [[CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType (647e072e) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f)
- [schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK (4c6922f7) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6)
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
2
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
7
reference_url https://github.com/advisories/GHSA-pxvg-2qj5-37jq
reference_id GHSA-pxvg-2qj5-37jq
reference_type
scores
url https://github.com/advisories/GHSA-pxvg-2qj5-37jq
8
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq
reference_id GHSA-pxvg-2qj5-37jq
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq
fixed_packages
0
url pkg:gem/nokogiri@1.14.3
purl pkg:gem/nokogiri@1.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chdv-jk6d-uuga
1
vulnerability VCID-d13x-y75t-2ugx
2
vulnerability VCID-p6m6-7kgc-y3g8
3
vulnerability VCID-pb6j-zdqw-g7cj
4
vulnerability VCID-q3td-7t4g-57ba
5
vulnerability VCID-wnj6-hc4g-ykfs
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.14.3
aliases GHSA-pxvg-2qj5-37jq, GMS-2023-1115
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrjg-2aw9-effx
36
url VCID-zx33-nyvt-vbe9
vulnerability_id VCID-zx33-nyvt-vbe9
summary 
Rexical Command Injection Vulnerability
A command injection vulnerability appears in code generated by the Rexical
gem versions v1.0.6 and earlier. It allows commands to be executed in a
subprocess by Ruby's `Kernel.open` method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5477
reference_id
reference_type
scores
0
value 0.09316
scoring_system epss
scoring_elements 0.92907
published_at 2026-06-04T12:55:00Z
1
value 0.09316
scoring_system epss
scoring_elements 0.92918
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5477
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5477
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml
5
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
6
reference_url https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc
7
reference_url https://github.com/sparklemotion/nokogiri/issues/1915
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1915
8
reference_url https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc
9
reference_url https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
10
reference_url https://hackerone.com/reports/650835
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/650835
11
reference_url https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html
12
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
13
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html
14
reference_url https://security.gentoo.org/glsa/202006-05
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202006-05
15
reference_url https://usn.ubuntu.com/4175-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4175-1
16
reference_url https://usn.ubuntu.com/4175-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4175-1/
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802
reference_id 934802
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905
reference_id 940905
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5477
reference_id CVE-2019-5477
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5477
20
reference_url https://github.com/advisories/GHSA-cr5j-953j-xw5p
reference_id GHSA-cr5j-953j-xw5p
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr5j-953j-xw5p
fixed_packages
0
url pkg:gem/nokogiri@1.10.4
purl pkg:gem/nokogiri@1.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sh8-bsk3-auct
1
vulnerability VCID-2r85-egs8-4be3
2
vulnerability VCID-5xuf-r7bj-33fa
3
vulnerability VCID-6t8y-27ba-cfa2
4
vulnerability VCID-chdv-jk6d-uuga
5
vulnerability VCID-d13x-y75t-2ugx
6
vulnerability VCID-e8w6-ax3x-wqan
7
vulnerability VCID-jxz3-ug52-cuhn
8
vulnerability VCID-nuzy-ruzb-dke6
9
vulnerability VCID-p6m6-7kgc-y3g8
10
vulnerability VCID-pb6j-zdqw-g7cj
11
vulnerability VCID-pr2j-1118-hqaa
12
vulnerability VCID-q3td-7t4g-57ba
13
vulnerability VCID-qkq6-n1ds-x7e5
14
vulnerability VCID-uk9u-nn9a-4yes
15
vulnerability VCID-wnj6-hc4g-ykfs
16
vulnerability VCID-yjn6-17qx-9ubc
17
vulnerability VCID-yrjg-2aw9-effx
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4
aliases CVE-2019-5477, GHSA-cr5j-953j-xw5p
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zx33-nyvt-vbe9
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.2