Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/192151?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/192151?format=api", "purl": "pkg:ebuild/dev-libs/libxml2@2.9.1-r1", "type": "ebuild", "namespace": "dev-libs", "name": "libxml2", "version": "2.9.1-r1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.9.1-r4", "latest_non_vulnerable_version": "2.12.5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37535?format=api", "vulnerability_id": "VCID-1jrf-qst5-gyam", "summary": "Use After Free\nMultiple use-after-free vulnerabilities in libxml2 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1969.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76767", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76799", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1969" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=953722", "reference_id": "953722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953722" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1969", "reference_id": "CVE-2013-1969", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1969" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://usn.ubuntu.com/1817-1/", "reference_id": "USN-1817-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1817-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192151?format=api", "purl": "pkg:ebuild/dev-libs/libxml2@2.9.1-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1" } ], "aliases": [ "CVE-2013-1969" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jrf-qst5-gyam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37549?format=api", "vulnerability_id": "VCID-43m9-cg6h-nuet", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nparser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2877.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2877.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70629", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70671", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2853" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2870" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2880" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715531", "reference_id": "715531", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715531" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=983204", "reference_id": "983204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983204" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2877", "reference_id": "CVE-2013-2877", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2877" }, { "reference_url": "https://security.gentoo.org/glsa/201309-16", "reference_id": "GLSA-201309-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-16" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0513", "reference_id": "RHSA-2014:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0513" }, { "reference_url": "https://usn.ubuntu.com/1904-1/", "reference_id": "USN-1904-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1904-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192151?format=api", "purl": "pkg:ebuild/dev-libs/libxml2@2.9.1-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1" } ], "aliases": [ "CVE-2013-2877" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43m9-cg6h-nuet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37470?format=api", "vulnerability_id": "VCID-7qqd-ze42-ayab", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nHeap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5134.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5134.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84241", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84264", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5134" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694521", "reference_id": "694521", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694521" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=880466", "reference_id": "880466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880466" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5134", "reference_id": "CVE-2012-5134", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5134" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1512", "reference_id": "RHSA-2012:1512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0217", "reference_id": "RHSA-2013:0217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0217" }, { "reference_url": "https://usn.ubuntu.com/1656-1/", "reference_id": "USN-1656-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1656-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192151?format=api", "purl": "pkg:ebuild/dev-libs/libxml2@2.9.1-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1" } ], "aliases": [ "CVE-2012-5134" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qqd-ze42-ayab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37457?format=api", "vulnerability_id": "VCID-d39h-k44d-8kgx", "summary": "Uncontrolled Resource Consumption\nlibxml2, as used in Google Chrome, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2871.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2871.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2871", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00783", "scoring_system": "epss", "scoring_elements": "0.74106", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00783", "scoring_system": "epss", "scoring_elements": "0.7414", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422", "reference_id": "689422", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689422" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=852935", "reference_id": "852935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852935" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2871", "reference_id": "CVE-2012-2871", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2871" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" }, { "reference_url": "https://usn.ubuntu.com/1595-1/", "reference_id": "USN-1595-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1595-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192151?format=api", "purl": "pkg:ebuild/dev-libs/libxml2@2.9.1-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1" } ], "aliases": [ "CVE-2012-2871" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d39h-k44d-8kgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64950?format=api", "vulnerability_id": "VCID-j7jf-zzvz-skgm", "summary": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.", "references": [ { "reference_url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html" }, { "reference_url": "http://bugs.python.org/issue17239", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.python.org/issue17239" }, { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03938", "scoring_system": "epss", "scoring_elements": "0.88562", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03938", "scoring_system": "epss", "scoring_elements": "0.88545", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1664" }, { "reference_url": "https://bugs.launchpad.net/nova/+bug/1100282", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/nova/+bug/1100282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664" }, { "reference_url": "https://github.com/django/django", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django" }, { "reference_url": "https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40" }, { "reference_url": "https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1664", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1664" }, { "reference_url": "http://ubuntu.com/usn/usn-1757-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-1757-1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/19/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/19/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/19/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/19/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948", "reference_id": "700948", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949", "reference_id": "700949", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950", "reference_id": "700950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=913808", "reference_id": "913808", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913808" }, { "reference_url": "https://github.com/advisories/GHSA-qrh7-x6fp-c2mp", "reference_id": "GHSA-qrh7-x6fp-c2mp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qrh7-x6fp-c2mp" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0596", "reference_id": "RHSA-2013:0596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0657", "reference_id": "RHSA-2013:0657", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0657" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0658", "reference_id": "RHSA-2013:0658", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0658" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0670", "reference_id": "RHSA-2013:0670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0670" }, { "reference_url": "https://usn.ubuntu.com/1730-1/", "reference_id": "USN-1730-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1730-1/" }, { "reference_url": "https://usn.ubuntu.com/1731-1/", "reference_id": "USN-1731-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1731-1/" }, { "reference_url": "https://usn.ubuntu.com/1734-1/", "reference_id": "USN-1734-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1734-1/" }, { "reference_url": "https://usn.ubuntu.com/1757-1/", "reference_id": "USN-1757-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1757-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192151?format=api", "purl": "pkg:ebuild/dev-libs/libxml2@2.9.1-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1" } ], "aliases": [ "CVE-2013-1664", "GHSA-qrh7-x6fp-c2mp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7jf-zzvz-skgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37536?format=api", "vulnerability_id": "VCID-kmvz-pynk-p7fn", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nlibxml2 allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0338.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0338.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71779", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71818", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260", "reference_id": "702260", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400", "reference_id": "912400", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0338", "reference_id": "CVE-2013-0338", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0338" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0581", "reference_id": "RHSA-2013:0581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0581" }, { "reference_url": "https://usn.ubuntu.com/1782-1/", "reference_id": "USN-1782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/192151?format=api", "purl": "pkg:ebuild/dev-libs/libxml2@2.9.1-r1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1" } ], "aliases": [ "CVE-2013-0338" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kmvz-pynk-p7fn" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.1-r1" }