Lookup for vulnerable packages by Package URL.

Purl pkg:gem/nokogiri@1.6.8
Type gem
Namespace
Name nokogiri
Version 1.6.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.19.1
Latest_non_vulnerable_version 1.19.1
Affected_by_vulnerabilities
0
url VCID-22km-jmtd-yyde
vulnerability_id VCID-22km-jmtd-yyde
summary
Vulnerabilities in libxml2
The version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml

- It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663)
- It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. (CVE-2017-7375)
- It was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-7376)
- Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-9047)
- Marcel Böhme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service. (CVE-2017-9048)
- Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. (CVE-2017-9049, CVE-2017-9050)
references
0
reference_url https://github.com/sparklemotion/nokogiri/issues/1673
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/issues/1673
fixed_packages
0
url pkg:gem/nokogiri@1.8.1
purl pkg:gem/nokogiri@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-64c1-dzhs-u3gj
3
vulnerability VCID-6r5w-pgkx-v3cb
4
vulnerability VCID-7bpp-2hvk-2udv
5
vulnerability VCID-8geh-vfns-pfgs
6
vulnerability VCID-96v6-vs1m-skf3
7
vulnerability VCID-9hqf-12yh-bkc8
8
vulnerability VCID-9wgc-swf9-z7hq
9
vulnerability VCID-bejh-22y7-kuh6
10
vulnerability VCID-c6hb-sbhx-zqac
11
vulnerability VCID-cbm2-cez4-bqgh
12
vulnerability VCID-eb6k-ppfd-m7a3
13
vulnerability VCID-ek5d-m9pn-3fec
14
vulnerability VCID-ghbk-uumc-dug3
15
vulnerability VCID-gsar-pymk-43hs
16
vulnerability VCID-hzjv-gf8n-jka2
17
vulnerability VCID-jfh3-1sgm-7ug2
18
vulnerability VCID-jqdg-ebz9-t3e9
19
vulnerability VCID-m7km-hbm9-23h4
20
vulnerability VCID-n6za-rwad-tbaq
21
vulnerability VCID-nq12-ryyt-c7g9
22
vulnerability VCID-q732-nexj-1ue6
23
vulnerability VCID-qv3r-ppuc-zycz
24
vulnerability VCID-rsvx-3f49-v3an
25
vulnerability VCID-snr1-kaug-43aa
26
vulnerability VCID-sqa5-8yrd-qyfz
27
vulnerability VCID-sxp3-vtcq-pugw
28
vulnerability VCID-tdt5-asvh-ryaa
29
vulnerability VCID-tn87-vke6-kuf6
30
vulnerability VCID-txm2-sdc1-7uch
31
vulnerability VCID-u8gx-xbj9-97c7
32
vulnerability VCID-udew-3gre-13hy
33
vulnerability VCID-uf9q-1ds5-wbev
34
vulnerability VCID-vf7b-s3y3-sfhw
35
vulnerability VCID-vhyk-9tbb-quc3
36
vulnerability VCID-w8jf-tsmr-g7cd
37
vulnerability VCID-wc4g-sxyq-ubcd
38
vulnerability VCID-xd6j-x83x-r3gn
39
vulnerability VCID-y5vb-sn4p-eqd9
40
vulnerability VCID-yeku-1zjh-kbea
41
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.1
aliases USN-3424-1
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-22km-jmtd-yyde
1
url VCID-365e-j8ta-h7cn
vulnerability_id VCID-365e-j8ta-h7cn
summary
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
## Summary

Nokogiri upgrades its dependency libxml2 as follows:
- Nokogiri v1.15.6 upgrades libxml2 to [2.11.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.7) from 2.11.6
- Nokogiri v1.16.2 upgrades libxml2 to [2.12.5](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5) from 2.12.4

libxml2 v2.11.7 and v2.12.5 address the following vulnerability:

- CVE-2024-25062 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
  - patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970

Please note that this advisory only applies to the CRuby implementation of Nokogiri, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements.

JRuby users are not affected.

## Mitigation

Upgrade to Nokogiri `~> 1.15.6` or `>= 1.16.2`.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile
and link Nokogiri against patched external libxml2 libraries which will also address these same
issues.

## Impact

From the CVE description, this issue applies to the `xmlTextReader` module (which underlies `Nokogiri::XML::Reader`):

> When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

## Timeline

- 2024-02-04 10:35 EST - this GHSA is drafted without complete details about when the upstream issue was introduced; a request is made of libxml2 maintainers for more detailed information
- 2024-02-04 10:48 EST - updated GHSA to reflect libxml2 maintainers' confirmation of affected versions
- 2024-02-04 11:54 EST - v1.16.2 published, this GHSA made public
- 2024-02-05 10:18 EST - updated with MITRE link to the CVE information, and updated "Impact" section
- 2024-03-16 09:03 EDT - v1.15.6 published (see discussion at https://github.com/sparklemotion/nokogiri/discussions/3146), updated mitigation information
- 2024-03-18 22:12 EDT - update "affected products" range with v1.15.6 information
references
0
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml
1
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
2
reference_url https://github.com/sparklemotion/nokogiri/discussions/3146
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/discussions/3146
3
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25062
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25062
8
reference_url https://github.com/advisories/GHSA-xc9x-jj77-9p9j
reference_id GHSA-xc9x-jj77-9p9j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xc9x-jj77-9p9j
fixed_packages
0
url pkg:gem/nokogiri@1.15.6
purl pkg:gem/nokogiri@1.15.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r5w-pgkx-v3cb
1
vulnerability VCID-c6hb-sbhx-zqac
2
vulnerability VCID-ghbk-uumc-dug3
3
vulnerability VCID-jfh3-1sgm-7ug2
4
vulnerability VCID-q732-nexj-1ue6
5
vulnerability VCID-uf9q-1ds5-wbev
6
vulnerability VCID-w8jf-tsmr-g7cd
7
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.15.6
1
url pkg:gem/nokogiri@1.16.0.rc1
purl pkg:gem/nokogiri@1.16.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-6r5w-pgkx-v3cb
2
vulnerability VCID-c6hb-sbhx-zqac
3
vulnerability VCID-ghbk-uumc-dug3
4
vulnerability VCID-jfh3-1sgm-7ug2
5
vulnerability VCID-q732-nexj-1ue6
6
vulnerability VCID-uf9q-1ds5-wbev
7
vulnerability VCID-w8jf-tsmr-g7cd
8
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.0.rc1
2
url pkg:gem/nokogiri@1.16.2
purl pkg:gem/nokogiri@1.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r5w-pgkx-v3cb
1
vulnerability VCID-c6hb-sbhx-zqac
2
vulnerability VCID-ghbk-uumc-dug3
3
vulnerability VCID-jfh3-1sgm-7ug2
4
vulnerability VCID-q732-nexj-1ue6
5
vulnerability VCID-uf9q-1ds5-wbev
6
vulnerability VCID-w8jf-tsmr-g7cd
7
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.2
aliases GHSA-xc9x-jj77-9p9j, GMS-2024-127
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-365e-j8ta-h7cn
2
url VCID-3f2w-tgya-x3cc
vulnerability_id VCID-3f2w-tgya-x3cc
summary
Upstream libxslt vulnerabilities
The `xsltAddTextString` function in `transform.c` in libxslt, as used by nokogiri, lacks a check for integer overflow during a size calculation, which allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-0499.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-0499.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-5029
reference_id
reference_type
scores
0
value 0.01232
scoring_system epss
scoring_elements 0.79182
published_at 2026-04-12T12:55:00Z
1
value 0.01232
scoring_system epss
scoring_elements 0.79141
published_at 2026-04-07T12:55:00Z
2
value 0.01232
scoring_system epss
scoring_elements 0.79165
published_at 2026-04-08T12:55:00Z
3
value 0.01232
scoring_system epss
scoring_elements 0.79173
published_at 2026-04-13T12:55:00Z
4
value 0.01232
scoring_system epss
scoring_elements 0.79197
published_at 2026-04-11T12:55:00Z
5
value 0.01266
scoring_system epss
scoring_elements 0.79409
published_at 2026-04-01T12:55:00Z
6
value 0.01266
scoring_system epss
scoring_elements 0.79438
published_at 2026-04-04T12:55:00Z
7
value 0.01266
scoring_system epss
scoring_elements 0.79416
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-5029
3
reference_url https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
reference_id
reference_type
scores
url https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
4
reference_url https://crbug.com/676623
reference_id
reference_type
scores
url https://crbug.com/676623
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046
23
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:N/C:N/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
24
reference_url https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
25
reference_url https://github.com/advisories/GHSA-pf6m-fxpq-fg8v
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-pf6m-fxpq-fg8v
26
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml
27
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
28
reference_url https://github.com/sparklemotion/nokogiri/issues/1634
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1634
29
reference_url https://ubuntu.com/security/CVE-2017-5029
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/security/CVE-2017-5029
30
reference_url https://ubuntu.com/security/notices/USN-3271-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/security/notices/USN-3271-1
31
reference_url http://www.debian.org/security/2017/dsa-3810
reference_id
reference_type
scores
url http://www.debian.org/security/2017/dsa-3810
32
reference_url http://www.securityfocus.com/bid/96767
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96767
33
reference_url http://www.securitytracker.com/id/1038157
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1038157
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1431033
reference_id 1431033
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1431033
35
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546
reference_id 858546
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546
36
reference_url https://security.archlinux.org/ASA-201703-4
reference_id ASA-201703-4
reference_type
scores
url https://security.archlinux.org/ASA-201703-4
37
reference_url https://security.archlinux.org/ASA-201703-5
reference_id ASA-201703-5
reference_type
scores
url https://security.archlinux.org/ASA-201703-5
38
reference_url https://security.archlinux.org/AVG-195
reference_id AVG-195
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-195
39
reference_url https://security.archlinux.org/AVG-196
reference_id AVG-196
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-196
40
reference_url https://security.archlinux.org/AVG-197
reference_id AVG-197
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-197
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:1.1.29:*:*:*:*:*:*:*
reference_id cpe:2.3:a:xmlsoft:libxslt:1.1.29:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:1.1.29:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5029
reference_id CVE-2017-5029
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-5029
53
reference_url https://security.gentoo.org/glsa/201804-01
reference_id GLSA-201804-01
reference_type
scores
url https://security.gentoo.org/glsa/201804-01
54
reference_url https://access.redhat.com/errata/RHSA-2017:0499
reference_id RHSA-2017:0499
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:0499
55
reference_url https://usn.ubuntu.com/3236-1/
reference_id USN-3236-1
reference_type
scores
url https://usn.ubuntu.com/3236-1/
56
reference_url https://usn.ubuntu.com/3271-1/
reference_id USN-3271-1
reference_type
scores
url https://usn.ubuntu.com/3271-1/
fixed_packages
0
url pkg:gem/nokogiri@1.7.1
purl pkg:gem/nokogiri@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-22km-jmtd-yyde
1
vulnerability VCID-365e-j8ta-h7cn
2
vulnerability VCID-3f2w-tgya-x3cc
3
vulnerability VCID-43qu-922g-myca
4
vulnerability VCID-64c1-dzhs-u3gj
5
vulnerability VCID-6r5w-pgkx-v3cb
6
vulnerability VCID-7bpp-2hvk-2udv
7
vulnerability VCID-8geh-vfns-pfgs
8
vulnerability VCID-96v6-vs1m-skf3
9
vulnerability VCID-9hqf-12yh-bkc8
10
vulnerability VCID-9wgc-swf9-z7hq
11
vulnerability VCID-azzy-m5pc-qudn
12
vulnerability VCID-bejh-22y7-kuh6
13
vulnerability VCID-c6hb-sbhx-zqac
14
vulnerability VCID-cbm2-cez4-bqgh
15
vulnerability VCID-eb6k-ppfd-m7a3
16
vulnerability VCID-ek5d-m9pn-3fec
17
vulnerability VCID-ghbk-uumc-dug3
18
vulnerability VCID-gsar-pymk-43hs
19
vulnerability VCID-hzjv-gf8n-jka2
20
vulnerability VCID-jfh3-1sgm-7ug2
21
vulnerability VCID-jqdg-ebz9-t3e9
22
vulnerability VCID-m7km-hbm9-23h4
23
vulnerability VCID-n6za-rwad-tbaq
24
vulnerability VCID-nq12-ryyt-c7g9
25
vulnerability VCID-q732-nexj-1ue6
26
vulnerability VCID-qv3r-ppuc-zycz
27
vulnerability VCID-rsvx-3f49-v3an
28
vulnerability VCID-snr1-kaug-43aa
29
vulnerability VCID-sqa5-8yrd-qyfz
30
vulnerability VCID-sxp3-vtcq-pugw
31
vulnerability VCID-tdt5-asvh-ryaa
32
vulnerability VCID-tn87-vke6-kuf6
33
vulnerability VCID-txm2-sdc1-7uch
34
vulnerability VCID-u8gx-xbj9-97c7
35
vulnerability VCID-udew-3gre-13hy
36
vulnerability VCID-uf9q-1ds5-wbev
37
vulnerability VCID-vf7b-s3y3-sfhw
38
vulnerability VCID-vhyk-9tbb-quc3
39
vulnerability VCID-w8jf-tsmr-g7cd
40
vulnerability VCID-wc4g-sxyq-ubcd
41
vulnerability VCID-xd6j-x83x-r3gn
42
vulnerability VCID-y5vb-sn4p-eqd9
43
vulnerability VCID-yeku-1zjh-kbea
44
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.1
1
url pkg:gem/nokogiri@1.7.2
purl pkg:gem/nokogiri@1.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-22km-jmtd-yyde
1
vulnerability VCID-365e-j8ta-h7cn
2
vulnerability VCID-43qu-922g-myca
3
vulnerability VCID-64c1-dzhs-u3gj
4
vulnerability VCID-6r5w-pgkx-v3cb
5
vulnerability VCID-7bpp-2hvk-2udv
6
vulnerability VCID-8geh-vfns-pfgs
7
vulnerability VCID-96v6-vs1m-skf3
8
vulnerability VCID-9hqf-12yh-bkc8
9
vulnerability VCID-9wgc-swf9-z7hq
10
vulnerability VCID-azzy-m5pc-qudn
11
vulnerability VCID-bejh-22y7-kuh6
12
vulnerability VCID-c6hb-sbhx-zqac
13
vulnerability VCID-cbm2-cez4-bqgh
14
vulnerability VCID-eb6k-ppfd-m7a3
15
vulnerability VCID-ek5d-m9pn-3fec
16
vulnerability VCID-ghbk-uumc-dug3
17
vulnerability VCID-gsar-pymk-43hs
18
vulnerability VCID-hzjv-gf8n-jka2
19
vulnerability VCID-jfh3-1sgm-7ug2
20
vulnerability VCID-jqdg-ebz9-t3e9
21
vulnerability VCID-m7km-hbm9-23h4
22
vulnerability VCID-n6za-rwad-tbaq
23
vulnerability VCID-nq12-ryyt-c7g9
24
vulnerability VCID-q732-nexj-1ue6
25
vulnerability VCID-qv3r-ppuc-zycz
26
vulnerability VCID-rsvx-3f49-v3an
27
vulnerability VCID-snr1-kaug-43aa
28
vulnerability VCID-sqa5-8yrd-qyfz
29
vulnerability VCID-sxp3-vtcq-pugw
30
vulnerability VCID-tdt5-asvh-ryaa
31
vulnerability VCID-tn87-vke6-kuf6
32
vulnerability VCID-txm2-sdc1-7uch
33
vulnerability VCID-u8gx-xbj9-97c7
34
vulnerability VCID-udew-3gre-13hy
35
vulnerability VCID-uf9q-1ds5-wbev
36
vulnerability VCID-vf7b-s3y3-sfhw
37
vulnerability VCID-vhyk-9tbb-quc3
38
vulnerability VCID-w8jf-tsmr-g7cd
39
vulnerability VCID-wc4g-sxyq-ubcd
40
vulnerability VCID-xd6j-x83x-r3gn
41
vulnerability VCID-y5vb-sn4p-eqd9
42
vulnerability VCID-yeku-1zjh-kbea
43
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.2
aliases CVE-2017-5029, GHSA-pf6m-fxpq-fg8v
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3f2w-tgya-x3cc
3
url VCID-43qu-922g-myca
vulnerability_id VCID-43qu-922g-myca
summary
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
### Summary

Nokogiri v1.13.9 upgrades the packaged version of its dependency libxml2 to [v2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3) from v2.9.14.

libxml2 v2.10.3 addresses the following known vulnerabilities:

- [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)
- [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)
- [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)

Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.13.9`, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements.


### Mitigation

Upgrade to Nokogiri `>= 1.13.9`.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against external libraries libxml2 `>= 2.10.3` which will also address these same issues.


### Impact

#### libxml2 [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)

- **CVSS3 score**: Under evaluation
- **Type**: Denial of service
- **Description**: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

Nokogiri maintainers investigated at #2620 and determined this CVE does not affect Nokogiri users.


#### libxml2 [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)

- **CVSS3 score**: Unspecified upstream
- **Type**: Data corruption, denial of service
- **Description**: When an entity reference cycle is detected, the entity content is cleared by setting its first byte to zero. But the entity content might be allocated from a dict. In this case, the dict entry becomes corrupted leading to all kinds of logic errors, including memory errors like double-frees.

See https://gitlab.gnome.org/GNOME/libxml2/-/commit/644a89e080bced793295f61f18aac8cfad6bece2


#### libxml2 [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)

- **CVSS3 score**: Unspecified upstream
- **Type**: Integer overflow
- **Description**: Integer overflows with XML_PARSE_HUGE

See https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0


### References

- [libxml2 release notes](https://gitlab.gnome.org/GNOME/libxml2/-/releases)
- [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)
- [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)
- [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
2
reference_url https://github.com/advisories/GHSA-2qc6-mcvw-92cw
reference_id GHSA-2qc6-mcvw-92cw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qc6-mcvw-92cw
fixed_packages
0
url pkg:gem/nokogiri@1.13.9
purl pkg:gem/nokogiri@1.13.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-6r5w-pgkx-v3cb
2
vulnerability VCID-c6hb-sbhx-zqac
3
vulnerability VCID-eru7-uy2t-d3ef
4
vulnerability VCID-ghbk-uumc-dug3
5
vulnerability VCID-hzjv-gf8n-jka2
6
vulnerability VCID-jfh3-1sgm-7ug2
7
vulnerability VCID-q732-nexj-1ue6
8
vulnerability VCID-uf9q-1ds5-wbev
9
vulnerability VCID-w8jf-tsmr-g7cd
10
vulnerability VCID-y5vb-sn4p-eqd9
11
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.9
aliases GHSA-2qc6-mcvw-92cw, GMS-2022-5550
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43qu-922g-myca
4
url VCID-64c1-dzhs-u3gj
vulnerability_id VCID-64c1-dzhs-u3gj
summary
Nokogiri has a vulnerability allowing arbitrary execution of code if a certain function is used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5477
reference_id
reference_type
scores
0
value 0.06079
scoring_system epss
scoring_elements 0.90714
published_at 2026-04-01T12:55:00Z
1
value 0.06079
scoring_system epss
scoring_elements 0.90763
published_at 2026-04-13T12:55:00Z
2
value 0.06079
scoring_system epss
scoring_elements 0.90765
published_at 2026-04-12T12:55:00Z
3
value 0.06079
scoring_system epss
scoring_elements 0.90766
published_at 2026-04-11T12:55:00Z
4
value 0.06079
scoring_system epss
scoring_elements 0.90758
published_at 2026-04-09T12:55:00Z
5
value 0.06079
scoring_system epss
scoring_elements 0.90751
published_at 2026-04-08T12:55:00Z
6
value 0.06079
scoring_system epss
scoring_elements 0.90741
published_at 2026-04-07T12:55:00Z
7
value 0.06079
scoring_system epss
scoring_elements 0.9073
published_at 2026-04-04T12:55:00Z
8
value 0.06079
scoring_system epss
scoring_elements 0.9072
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5477
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5477
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml
5
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
6
reference_url https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc
7
reference_url https://github.com/sparklemotion/nokogiri/issues/1915
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1915
8
reference_url https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc
9
reference_url https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
10
reference_url https://hackerone.com/reports/650835
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/650835
11
reference_url https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html
12
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
13
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5477
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5477
15
reference_url https://usn.ubuntu.com/4175-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4175-1
16
reference_url https://usn.ubuntu.com/4175-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4175-1/
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802
reference_id 934802
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905
reference_id 940905
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905
19
reference_url https://github.com/advisories/GHSA-cr5j-953j-xw5p
reference_id GHSA-cr5j-953j-xw5p
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr5j-953j-xw5p
20
reference_url https://security.gentoo.org/glsa/202006-05
reference_id GLSA-202006-05
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202006-05
fixed_packages
0
url pkg:gem/nokogiri@1.10.4
purl pkg:gem/nokogiri@1.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-7bpp-2hvk-2udv
4
vulnerability VCID-8geh-vfns-pfgs
5
vulnerability VCID-9hqf-12yh-bkc8
6
vulnerability VCID-9wgc-swf9-z7hq
7
vulnerability VCID-c6hb-sbhx-zqac
8
vulnerability VCID-cbm2-cez4-bqgh
9
vulnerability VCID-eb6k-ppfd-m7a3
10
vulnerability VCID-ek5d-m9pn-3fec
11
vulnerability VCID-ghbk-uumc-dug3
12
vulnerability VCID-gsar-pymk-43hs
13
vulnerability VCID-hzjv-gf8n-jka2
14
vulnerability VCID-jfh3-1sgm-7ug2
15
vulnerability VCID-jqdg-ebz9-t3e9
16
vulnerability VCID-m7km-hbm9-23h4
17
vulnerability VCID-n6za-rwad-tbaq
18
vulnerability VCID-nq12-ryyt-c7g9
19
vulnerability VCID-q732-nexj-1ue6
20
vulnerability VCID-qv3r-ppuc-zycz
21
vulnerability VCID-rsvx-3f49-v3an
22
vulnerability VCID-snr1-kaug-43aa
23
vulnerability VCID-sxp3-vtcq-pugw
24
vulnerability VCID-txm2-sdc1-7uch
25
vulnerability VCID-u8gx-xbj9-97c7
26
vulnerability VCID-udew-3gre-13hy
27
vulnerability VCID-uf9q-1ds5-wbev
28
vulnerability VCID-vf7b-s3y3-sfhw
29
vulnerability VCID-vhyk-9tbb-quc3
30
vulnerability VCID-w8jf-tsmr-g7cd
31
vulnerability VCID-xd6j-x83x-r3gn
32
vulnerability VCID-y5vb-sn4p-eqd9
33
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4
aliases CVE-2019-5477, GHSA-cr5j-953j-xw5p
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64c1-dzhs-u3gj
5
url VCID-6r5w-pgkx-v3cb
vulnerability_id VCID-6r5w-pgkx-v3cb
summary
Nokogiri patches vendored libxml2 to resolve multiple CVEs
## Summary

Nokogiri v1.18.9 patches the vendored libxml2 to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796.

## Impact and severity

### CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

NVD claims a severity of 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae

### CVE-2025-6170

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

NVD claims a severity of 2.5 Low (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/5e9ec5c1

### CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft an XML document that, when used as input for libxml, crashes the program using libxml or causes other possible undefined behavior.

NVD claims a severity of 9.1 Critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5

### CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

NVD claims a severity of 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/62048278

### CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

NVD claims a severity of 9.1 Critical (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5

## Affected Versions

- Nokogiri < 1.18.9 when using CRuby (MRI) with vendored libxml2

## Patched Versions

- Nokogiri >= 1.18.9

## Mitigation

Upgrade to Nokogiri v1.18.9 or later.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against patched external libxml2 libraries, which will also address these same issues.

## References

- https://github.com/sparklemotion/nokogiri/pull/3526
- https://nvd.nist.gov/vuln/detail/CVE-2025-6021
- https://nvd.nist.gov/vuln/detail/CVE-2025-6170
- https://nvd.nist.gov/vuln/detail/CVE-2025-49794
- https://nvd.nist.gov/vuln/detail/CVE-2025-49795
- https://nvd.nist.gov/vuln/detail/CVE-2025-49796
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/pull/3526
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/pull/3526
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8
reference_id
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49794
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49794
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49795
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49795
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49796
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49796
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6021
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6021
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6170
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6170
8
reference_url https://github.com/advisories/GHSA-353f-x4gh-cqq8
reference_id GHSA-353f-x4gh-cqq8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-353f-x4gh-cqq8
fixed_packages
0
url pkg:gem/nokogiri@1.18.9
purl pkg:gem/nokogiri@1.18.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jfh3-1sgm-7ug2
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.9
aliases GHSA-353f-x4gh-cqq8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6r5w-pgkx-v3cb
6
url VCID-7bpp-2hvk-2udv
vulnerability_id VCID-7bpp-2hvk-2udv
summary
Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-24977
reference_id
reference_type
scores
0
value 0.00502
scoring_system epss
scoring_elements 0.66024
published_at 2026-04-13T12:55:00Z
1
value 0.00502
scoring_system epss
scoring_elements 0.65987
published_at 2026-04-07T12:55:00Z
2
value 0.00502
scoring_system epss
scoring_elements 0.66036
published_at 2026-04-08T12:55:00Z
3
value 0.00502
scoring_system epss
scoring_elements 0.66048
published_at 2026-04-09T12:55:00Z
4
value 0.00502
scoring_system epss
scoring_elements 0.66067
published_at 2026-04-11T12:55:00Z
5
value 0.00502
scoring_system epss
scoring_elements 0.66054
published_at 2026-04-12T12:55:00Z
6
value 0.00516
scoring_system epss
scoring_elements 0.66619
published_at 2026-04-02T12:55:00Z
7
value 0.00516
scoring_system epss
scoring_elements 0.66645
published_at 2026-04-04T12:55:00Z
8
value 0.00516
scoring_system epss
scoring_elements 0.6658
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-24977
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
reference_id
reference_type
scores
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
7
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
reference_id
reference_type
scores
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
8
reference_url https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
9
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
20
reference_url https://security.netapp.com/advisory/ntap-20200924-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200924-0001/
21
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpuoct2021.html
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1877788
reference_id 1877788
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1877788
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529
reference_id 969529
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529
24
reference_url https://security.archlinux.org/ASA-202011-15
reference_id ASA-202011-15
reference_type
scores
url https://security.archlinux.org/ASA-202011-15
25
reference_url https://security.archlinux.org/AVG-1263
reference_id AVG-1263
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1263
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-24977
reference_id CVE-2020-24977
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2020-24977
27
reference_url https://security.gentoo.org/glsa/202107-05
reference_id GLSA-202107-05
reference_type
scores
url https://security.gentoo.org/glsa/202107-05
28
reference_url https://access.redhat.com/errata/RHSA-2021:1597
reference_id RHSA-2021:1597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1597
29
reference_url https://usn.ubuntu.com/4991-1/
reference_id USN-4991-1
reference_type
scores
url https://usn.ubuntu.com/4991-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-8geh-vfns-pfgs
4
vulnerability VCID-9wgc-swf9-z7hq
5
vulnerability VCID-c6hb-sbhx-zqac
6
vulnerability VCID-cbm2-cez4-bqgh
7
vulnerability VCID-eb6k-ppfd-m7a3
8
vulnerability VCID-ghbk-uumc-dug3
9
vulnerability VCID-gsar-pymk-43hs
10
vulnerability VCID-hzjv-gf8n-jka2
11
vulnerability VCID-jfh3-1sgm-7ug2
12
vulnerability VCID-jqdg-ebz9-t3e9
13
vulnerability VCID-m7km-hbm9-23h4
14
vulnerability VCID-nq12-ryyt-c7g9
15
vulnerability VCID-q732-nexj-1ue6
16
vulnerability VCID-snr1-kaug-43aa
17
vulnerability VCID-u8gx-xbj9-97c7
18
vulnerability VCID-udew-3gre-13hy
19
vulnerability VCID-uf9q-1ds5-wbev
20
vulnerability VCID-w8jf-tsmr-g7cd
21
vulnerability VCID-xd6j-x83x-r3gn
22
vulnerability VCID-y5vb-sn4p-eqd9
23
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases CVE-2020-24977
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bpp-2hvk-2udv
7
url VCID-8geh-vfns-pfgs
vulnerability_id VCID-8geh-vfns-pfgs
summary
Improper Restriction of XML External Entity Reference
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parser, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41098
reference_id
reference_type
scores
0
value 0.00564
scoring_system epss
scoring_elements 0.68411
published_at 2026-04-13T12:55:00Z
1
value 0.00564
scoring_system epss
scoring_elements 0.68444
published_at 2026-04-12T12:55:00Z
2
value 0.00564
scoring_system epss
scoring_elements 0.68456
published_at 2026-04-11T12:55:00Z
3
value 0.00564
scoring_system epss
scoring_elements 0.6843
published_at 2026-04-09T12:55:00Z
4
value 0.00564
scoring_system epss
scoring_elements 0.68413
published_at 2026-04-08T12:55:00Z
5
value 0.00564
scoring_system epss
scoring_elements 0.68362
published_at 2026-04-07T12:55:00Z
6
value 0.00565
scoring_system epss
scoring_elements 0.68359
published_at 2026-04-01T12:55:00Z
7
value 0.00565
scoring_system epss
scoring_elements 0.68379
published_at 2026-04-02T12:55:00Z
8
value 0.00565
scoring_system epss
scoring_elements 0.68398
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41098
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml
3
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
4
reference_url https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d
5
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2008914
reference_id 2008914
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2008914
7
reference_url https://security.archlinux.org/AVG-2424
reference_id AVG-2424
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2424
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41098
reference_id CVE-2021-41098
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41098
9
reference_url https://github.com/advisories/GHSA-2rr5-8q37-2w7h
reference_id GHSA-2rr5-8q37-2w7h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rr5-8q37-2w7h
fixed_packages
0
url pkg:gem/nokogiri@1.12.5
purl pkg:gem/nokogiri@1.12.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-9wgc-swf9-z7hq
4
vulnerability VCID-c6hb-sbhx-zqac
5
vulnerability VCID-cbm2-cez4-bqgh
6
vulnerability VCID-eb6k-ppfd-m7a3
7
vulnerability VCID-ghbk-uumc-dug3
8
vulnerability VCID-gsar-pymk-43hs
9
vulnerability VCID-hzjv-gf8n-jka2
10
vulnerability VCID-jfh3-1sgm-7ug2
11
vulnerability VCID-jqdg-ebz9-t3e9
12
vulnerability VCID-m7km-hbm9-23h4
13
vulnerability VCID-nq12-ryyt-c7g9
14
vulnerability VCID-q732-nexj-1ue6
15
vulnerability VCID-snr1-kaug-43aa
16
vulnerability VCID-u8gx-xbj9-97c7
17
vulnerability VCID-udew-3gre-13hy
18
vulnerability VCID-uf9q-1ds5-wbev
19
vulnerability VCID-w8jf-tsmr-g7cd
20
vulnerability VCID-xd6j-x83x-r3gn
21
vulnerability VCID-y5vb-sn4p-eqd9
22
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.12.5
aliases CVE-2021-41098, GHSA-2rr5-8q37-2w7h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8geh-vfns-pfgs
8
url VCID-96v6-vs1m-skf3
vulnerability_id VCID-96v6-vs1m-skf3
summary
Improper Input Validation
In `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13118
reference_id
reference_type
scores
0
value 0.01027
scoring_system epss
scoring_elements 0.77289
published_at 2026-04-13T12:55:00Z
1
value 0.01027
scoring_system epss
scoring_elements 0.77313
published_at 2026-04-11T12:55:00Z
2
value 0.01027
scoring_system epss
scoring_elements 0.77263
published_at 2026-04-04T12:55:00Z
3
value 0.01027
scoring_system epss
scoring_elements 0.77245
published_at 2026-04-07T12:55:00Z
4
value 0.01027
scoring_system epss
scoring_elements 0.77276
published_at 2026-04-08T12:55:00Z
5
value 0.01027
scoring_system epss
scoring_elements 0.77285
published_at 2026-04-09T12:55:00Z
6
value 0.01027
scoring_system epss
scoring_elements 0.77292
published_at 2026-04-12T12:55:00Z
7
value 0.01027
scoring_system epss
scoring_elements 0.77228
published_at 2026-04-01T12:55:00Z
8
value 0.01027
scoring_system epss
scoring_elements 0.77235
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13118
3
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13118
5
reference_url http://seclists.org/fulldisclosure/2019/Aug/11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Aug/11
6
reference_url http://seclists.org/fulldisclosure/2019/Aug/13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Aug/13
7
reference_url http://seclists.org/fulldisclosure/2019/Aug/14
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Aug/14
8
reference_url http://seclists.org/fulldisclosure/2019/Aug/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Aug/15
9
reference_url http://seclists.org/fulldisclosure/2019/Jul/22
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Jul/22
10
reference_url http://seclists.org/fulldisclosure/2019/Jul/23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Jul/23
11
reference_url http://seclists.org/fulldisclosure/2019/Jul/24
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Jul/24
12
reference_url http://seclists.org/fulldisclosure/2019/Jul/26
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Jul/26
13
reference_url http://seclists.org/fulldisclosure/2019/Jul/31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Jul/31
14
reference_url http://seclists.org/fulldisclosure/2019/Jul/37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Jul/37
15
reference_url http://seclists.org/fulldisclosure/2019/Jul/38
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Jul/38
16
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
17
reference_url https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796
18
reference_url https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e
19
reference_url https://github.com/sparklemotion/nokogiri/issues/1943
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1943
20
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5
21
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
22
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
24
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
27
reference_url https://oss-fuzz.com/testcase-detail/5197371471822848
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://oss-fuzz.com/testcase-detail/5197371471822848
28
reference_url https://seclists.org/bugtraq/2019/Aug/21
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/21
29
reference_url https://seclists.org/bugtraq/2019/Aug/22
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/22
30
reference_url https://seclists.org/bugtraq/2019/Aug/23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/23
31
reference_url https://seclists.org/bugtraq/2019/Aug/25
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Aug/25
32
reference_url https://seclists.org/bugtraq/2019/Jul/35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/35
33
reference_url https://seclists.org/bugtraq/2019/Jul/36
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/36
34
reference_url https://seclists.org/bugtraq/2019/Jul/37
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/37
35
reference_url https://seclists.org/bugtraq/2019/Jul/40
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/40
36
reference_url https://seclists.org/bugtraq/2019/Jul/41
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/41
37
reference_url https://seclists.org/bugtraq/2019/Jul/42
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Jul/42
38
reference_url https://security.netapp.com/advisory/ntap-20190806-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190806-0004
39
reference_url https://security.netapp.com/advisory/ntap-20190806-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190806-0004/
40
reference_url https://security.netapp.com/advisory/ntap-20200122-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200122-0003
41
reference_url https://security.netapp.com/advisory/ntap-20200122-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200122-0003/
42
reference_url https://support.apple.com/kb/HT210346
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT210346
43
reference_url https://support.apple.com/kb/HT210348
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT210348
44
reference_url https://support.apple.com/kb/HT210351
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT210351
45
reference_url https://support.apple.com/kb/HT210353
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT210353
46
reference_url https://support.apple.com/kb/HT210356
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT210356
47
reference_url https://support.apple.com/kb/HT210357
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT210357
48
reference_url https://support.apple.com/kb/HT210358
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT210358
49
reference_url https://usn.ubuntu.com/4164-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4164-1
50
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
51
reference_url http://www.openwall.com/lists/oss-security/2019/11/17/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/11/17/2
52
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728541
reference_id 1728541
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728541
53
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320
reference_id 931320
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320
54
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13118
reference_id CVE-2019-13118
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13118
55
reference_url https://github.com/advisories/GHSA-cf46-6xxh-pc75
reference_id GHSA-cf46-6xxh-pc75
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cf46-6xxh-pc75
56
reference_url https://usn.ubuntu.com/4164-1/
reference_id USN-4164-1
reference_type
scores
url https://usn.ubuntu.com/4164-1/
fixed_packages
0
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-7bpp-2hvk-2udv
4
vulnerability VCID-8geh-vfns-pfgs
5
vulnerability VCID-9hqf-12yh-bkc8
6
vulnerability VCID-9wgc-swf9-z7hq
7
vulnerability VCID-c6hb-sbhx-zqac
8
vulnerability VCID-cbm2-cez4-bqgh
9
vulnerability VCID-eb6k-ppfd-m7a3
10
vulnerability VCID-ek5d-m9pn-3fec
11
vulnerability VCID-ghbk-uumc-dug3
12
vulnerability VCID-gsar-pymk-43hs
13
vulnerability VCID-hzjv-gf8n-jka2
14
vulnerability VCID-jfh3-1sgm-7ug2
15
vulnerability VCID-jqdg-ebz9-t3e9
16
vulnerability VCID-m7km-hbm9-23h4
17
vulnerability VCID-n6za-rwad-tbaq
18
vulnerability VCID-nq12-ryyt-c7g9
19
vulnerability VCID-q732-nexj-1ue6
20
vulnerability VCID-qv3r-ppuc-zycz
21
vulnerability VCID-rsvx-3f49-v3an
22
vulnerability VCID-snr1-kaug-43aa
23
vulnerability VCID-u8gx-xbj9-97c7
24
vulnerability VCID-udew-3gre-13hy
25
vulnerability VCID-uf9q-1ds5-wbev
26
vulnerability VCID-vf7b-s3y3-sfhw
27
vulnerability VCID-vhyk-9tbb-quc3
28
vulnerability VCID-w8jf-tsmr-g7cd
29
vulnerability VCID-xd6j-x83x-r3gn
30
vulnerability VCID-y5vb-sn4p-eqd9
31
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-13118, GHSA-cf46-6xxh-pc75
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96v6-vs1m-skf3
9
url VCID-9hqf-12yh-bkc8
vulnerability_id VCID-9hqf-12yh-bkc8
summary
Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3518
reference_id
reference_type
scores
0
value 0.0025
scoring_system epss
scoring_elements 0.48398
published_at 2026-04-13T12:55:00Z
1
value 0.0025
scoring_system epss
scoring_elements 0.48386
published_at 2026-04-12T12:55:00Z
2
value 0.0025
scoring_system epss
scoring_elements 0.48412
published_at 2026-04-11T12:55:00Z
3
value 0.0025
scoring_system epss
scoring_elements 0.48388
published_at 2026-04-09T12:55:00Z
4
value 0.0025
scoring_system epss
scoring_elements 0.48394
published_at 2026-04-08T12:55:00Z
5
value 0.0025
scoring_system epss
scoring_elements 0.48339
published_at 2026-04-07T12:55:00Z
6
value 0.00257
scoring_system epss
scoring_elements 0.49056
published_at 2026-04-01T12:55:00Z
7
value 0.00257
scoring_system epss
scoring_elements 0.49118
published_at 2026-04-04T12:55:00Z
8
value 0.00257
scoring_system epss
scoring_elements 0.4909
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3518
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1954242
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1954242
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
4
reference_url http://seclists.org/fulldisclosure/2021/Jul/54
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Jul/54
5
reference_url http://seclists.org/fulldisclosure/2021/Jul/55
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Jul/55
6
reference_url http://seclists.org/fulldisclosure/2021/Jul/58
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Jul/58
7
reference_url http://seclists.org/fulldisclosure/2021/Jul/59
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2021/Jul/59
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml
10
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
11
reference_url https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722
12
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
14
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
19
reference_url https://nokogiri.org/CHANGELOG.html#1114-2021-05-14
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nokogiri.org/CHANGELOG.html#1114-2021-05-14
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3518
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3518
21
reference_url https://security.netapp.com/advisory/ntap-20210625-0002
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210625-0002
22
reference_url https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210625-0002/
23
reference_url https://support.apple.com/kb/HT212601
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT212601
24
reference_url https://support.apple.com/kb/HT212602
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT212602
25
reference_url https://support.apple.com/kb/HT212604
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT212604
26
reference_url https://support.apple.com/kb/HT212605
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT212605
27
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
28
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
29
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
30
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737
reference_id 987737
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737
31
reference_url https://security.archlinux.org/AVG-1883
reference_id AVG-1883
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1883
32
reference_url https://github.com/advisories/GHSA-v4f8-2847-rwm7
reference_id GHSA-v4f8-2847-rwm7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v4f8-2847-rwm7
33
reference_url https://security.gentoo.org/glsa/202107-05
reference_id GLSA-202107-05
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-05
34
reference_url https://access.redhat.com/errata/RHSA-2021:2569
reference_id RHSA-2021:2569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2569
35
reference_url https://access.redhat.com/errata/RHSA-2022:1389
reference_id RHSA-2022:1389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1389
36
reference_url https://access.redhat.com/errata/RHSA-2022:1390
reference_id RHSA-2022:1390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1390
37
reference_url https://usn.ubuntu.com/4991-1/
reference_id USN-4991-1
reference_type
scores
url https://usn.ubuntu.com/4991-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-8geh-vfns-pfgs
4
vulnerability VCID-9wgc-swf9-z7hq
5
vulnerability VCID-c6hb-sbhx-zqac
6
vulnerability VCID-cbm2-cez4-bqgh
7
vulnerability VCID-eb6k-ppfd-m7a3
8
vulnerability VCID-ghbk-uumc-dug3
9
vulnerability VCID-gsar-pymk-43hs
10
vulnerability VCID-hzjv-gf8n-jka2
11
vulnerability VCID-jfh3-1sgm-7ug2
12
vulnerability VCID-jqdg-ebz9-t3e9
13
vulnerability VCID-m7km-hbm9-23h4
14
vulnerability VCID-nq12-ryyt-c7g9
15
vulnerability VCID-q732-nexj-1ue6
16
vulnerability VCID-snr1-kaug-43aa
17
vulnerability VCID-u8gx-xbj9-97c7
18
vulnerability VCID-udew-3gre-13hy
19
vulnerability VCID-uf9q-1ds5-wbev
20
vulnerability VCID-w8jf-tsmr-g7cd
21
vulnerability VCID-xd6j-x83x-r3gn
22
vulnerability VCID-y5vb-sn4p-eqd9
23
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases CVE-2021-3518, GHSA-v4f8-2847-rwm7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hqf-12yh-bkc8
10
url VCID-9wgc-swf9-z7hq
vulnerability_id VCID-9wgc-swf9-z7hq
summary
Inefficient Regular Expression Complexity
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24836
reference_id
reference_type
scores
0
value 0.0134
scoring_system epss
scoring_elements 0.8001
published_at 2026-04-13T12:55:00Z
1
value 0.0134
scoring_system epss
scoring_elements 0.80018
published_at 2026-04-12T12:55:00Z
2
value 0.0134
scoring_system epss
scoring_elements 0.80035
published_at 2026-04-11T12:55:00Z
3
value 0.0134
scoring_system epss
scoring_elements 0.80015
published_at 2026-04-09T12:55:00Z
4
value 0.0134
scoring_system epss
scoring_elements 0.79978
published_at 2026-04-07T12:55:00Z
5
value 0.0134
scoring_system epss
scoring_elements 0.80006
published_at 2026-04-08T12:55:00Z
6
value 0.01377
scoring_system epss
scoring_elements 0.80208
published_at 2026-04-02T12:55:00Z
7
value 0.01377
scoring_system epss
scoring_elements 0.80228
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24836
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836
3
reference_url http://seclists.org/fulldisclosure/2022/Dec/23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2022/Dec/23
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
8
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
9
reference_url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
10
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
11
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
18
reference_url https://security.gentoo.org/glsa/202208-29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-29
19
reference_url https://support.apple.com/kb/HT213532
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT213532
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787
reference_id 1009787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2074346
reference_id 2074346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2074346
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24836
reference_id CVE-2022-24836
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24836
23
reference_url https://github.com/advisories/GHSA-crjr-9rc5-ghw8
reference_id GHSA-crjr-9rc5-ghw8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crjr-9rc5-ghw8
24
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
reference_id GHSA-crjr-9rc5-ghw8
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
25
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
fixed_packages
0
url pkg:gem/nokogiri@1.13.4
purl pkg:gem/nokogiri@1.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-c6hb-sbhx-zqac
4
vulnerability VCID-eb6k-ppfd-m7a3
5
vulnerability VCID-ghbk-uumc-dug3
6
vulnerability VCID-hzjv-gf8n-jka2
7
vulnerability VCID-jfh3-1sgm-7ug2
8
vulnerability VCID-m7km-hbm9-23h4
9
vulnerability VCID-q732-nexj-1ue6
10
vulnerability VCID-snr1-kaug-43aa
11
vulnerability VCID-udew-3gre-13hy
12
vulnerability VCID-uf9q-1ds5-wbev
13
vulnerability VCID-w8jf-tsmr-g7cd
14
vulnerability VCID-y5vb-sn4p-eqd9
15
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4
aliases CVE-2022-24836, GHSA-crjr-9rc5-ghw8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wgc-swf9-z7hq
11
url VCID-azzy-m5pc-qudn
vulnerability_id VCID-azzy-m5pc-qudn
summary
Loop with Unreachable Exit Condition ('Infinite Loop')
parser.c in libxml2 does not prevent infinite recursion in parameter entities.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16932
reference_id
reference_type
scores
0
value 0.21989
scoring_system epss
scoring_elements 0.95738
published_at 2026-04-01T12:55:00Z
1
value 0.21989
scoring_system epss
scoring_elements 0.95772
published_at 2026-04-12T12:55:00Z
2
value 0.21989
scoring_system epss
scoring_elements 0.95773
published_at 2026-04-11T12:55:00Z
3
value 0.21989
scoring_system epss
scoring_elements 0.95769
published_at 2026-04-09T12:55:00Z
4
value 0.21989
scoring_system epss
scoring_elements 0.95766
published_at 2026-04-08T12:55:00Z
5
value 0.21989
scoring_system epss
scoring_elements 0.95757
published_at 2026-04-07T12:55:00Z
6
value 0.21989
scoring_system epss
scoring_elements 0.95755
published_at 2026-04-04T12:55:00Z
7
value 0.21989
scoring_system epss
scoring_elements 0.95774
published_at 2026-04-13T12:55:00Z
8
value 0.21989
scoring_system epss
scoring_elements 0.95747
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16932
2
reference_url https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
3
reference_url https://bugzilla.gnome.org/show_bug.cgi?id=759579
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://bugzilla.gnome.org/show_bug.cgi?id=759579
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml
8
reference_url https://github.com/sparklemotion/nokogiri/issues/1714
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1714
9
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
10
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
14
reference_url https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
15
reference_url https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
16
reference_url https://usn.ubuntu.com/3739-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-1
17
reference_url https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url https://usn.ubuntu.com/3739-1/
18
reference_url https://usn.ubuntu.com/usn/usn-3504-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/usn/usn-3504-1/
19
reference_url http://xmlsoft.org/news.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/
url http://xmlsoft.org/news.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1517316
reference_id 1517316
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1517316
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613
reference_id 882613
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16932
reference_id CVE-2017-16932
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-16932
24
reference_url https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html
reference_id CVE-2017-16932.HTML
reference_type
scores
url https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html
25
reference_url https://github.com/advisories/GHSA-x2fm-93ww-ggvx
reference_id GHSA-x2fm-93ww-ggvx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2fm-93ww-ggvx
26
reference_url https://usn.ubuntu.com/3504-1/
reference_id USN-3504-1
reference_type
scores
url https://usn.ubuntu.com/3504-1/
27
reference_url https://usn.ubuntu.com/3504-2/
reference_id USN-3504-2
reference_type
scores
url https://usn.ubuntu.com/3504-2/
fixed_packages
0
url pkg:gem/nokogiri@1.8.1
purl pkg:gem/nokogiri@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-64c1-dzhs-u3gj
3
vulnerability VCID-6r5w-pgkx-v3cb
4
vulnerability VCID-7bpp-2hvk-2udv
5
vulnerability VCID-8geh-vfns-pfgs
6
vulnerability VCID-96v6-vs1m-skf3
7
vulnerability VCID-9hqf-12yh-bkc8
8
vulnerability VCID-9wgc-swf9-z7hq
9
vulnerability VCID-bejh-22y7-kuh6
10
vulnerability VCID-c6hb-sbhx-zqac
11
vulnerability VCID-cbm2-cez4-bqgh
12
vulnerability VCID-eb6k-ppfd-m7a3
13
vulnerability VCID-ek5d-m9pn-3fec
14
vulnerability VCID-ghbk-uumc-dug3
15
vulnerability VCID-gsar-pymk-43hs
16
vulnerability VCID-hzjv-gf8n-jka2
17
vulnerability VCID-jfh3-1sgm-7ug2
18
vulnerability VCID-jqdg-ebz9-t3e9
19
vulnerability VCID-m7km-hbm9-23h4
20
vulnerability VCID-n6za-rwad-tbaq
21
vulnerability VCID-nq12-ryyt-c7g9
22
vulnerability VCID-q732-nexj-1ue6
23
vulnerability VCID-qv3r-ppuc-zycz
24
vulnerability VCID-rsvx-3f49-v3an
25
vulnerability VCID-snr1-kaug-43aa
26
vulnerability VCID-sqa5-8yrd-qyfz
27
vulnerability VCID-sxp3-vtcq-pugw
28
vulnerability VCID-tdt5-asvh-ryaa
29
vulnerability VCID-tn87-vke6-kuf6
30
vulnerability VCID-txm2-sdc1-7uch
31
vulnerability VCID-u8gx-xbj9-97c7
32
vulnerability VCID-udew-3gre-13hy
33
vulnerability VCID-uf9q-1ds5-wbev
34
vulnerability VCID-vf7b-s3y3-sfhw
35
vulnerability VCID-vhyk-9tbb-quc3
36
vulnerability VCID-w8jf-tsmr-g7cd
37
vulnerability VCID-wc4g-sxyq-ubcd
38
vulnerability VCID-xd6j-x83x-r3gn
39
vulnerability VCID-y5vb-sn4p-eqd9
40
vulnerability VCID-yeku-1zjh-kbea
41
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.1
aliases CVE-2017-16932, GHSA-x2fm-93ww-ggvx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azzy-m5pc-qudn
12
url VCID-bejh-22y7-kuh6
vulnerability_id VCID-bejh-22y7-kuh6
summary
NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:1543
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://access.redhat.com/errata/RHSA-2019:1543
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14404
reference_id
reference_type
scores
0
value 0.18492
scoring_system epss
scoring_elements 0.95218
published_at 2026-04-02T12:55:00Z
1
value 0.18492
scoring_system epss
scoring_elements 0.95206
published_at 2026-04-01T12:55:00Z
2
value 0.18492
scoring_system epss
scoring_elements 0.9522
published_at 2026-04-04T12:55:00Z
3
value 0.20012
scoring_system epss
scoring_elements 0.95464
published_at 2026-04-09T12:55:00Z
4
value 0.20012
scoring_system epss
scoring_elements 0.95468
published_at 2026-04-12T12:55:00Z
5
value 0.20012
scoring_system epss
scoring_elements 0.95469
published_at 2026-04-13T12:55:00Z
6
value 0.20012
scoring_system epss
scoring_elements 0.95454
published_at 2026-04-07T12:55:00Z
7
value 0.20012
scoring_system epss
scoring_elements 0.95461
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14404
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1595985
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1595985
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/sparklemotion/nokogiri/issues/1785
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1785
8
reference_url https://gitlab.gnome.org/GNOME/libxml2/issues/10
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://gitlab.gnome.org/GNOME/libxml2/issues/10
9
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
10
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
11
reference_url https://security.netapp.com/advisory/ntap-20190719-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190719-0002
12
reference_url https://security.netapp.com/advisory/ntap-20190719-0002/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://security.netapp.com/advisory/ntap-20190719-0002/
13
reference_url https://usn.ubuntu.com/3739-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-1
14
reference_url https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://usn.ubuntu.com/3739-1/
15
reference_url https://usn.ubuntu.com/3739-2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-2
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14404
reference_id CVE-2018-14404
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14404
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml
reference_id CVE-2018-14404.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml
24
reference_url https://github.com/advisories/GHSA-6qvp-r6r3-9p7h
reference_id GHSA-6qvp-r6r3-9p7h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qvp-r6r3-9p7h
25
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
26
reference_url https://access.redhat.com/errata/RHSA-2020:1827
reference_id RHSA-2020:1827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1827
27
reference_url https://usn.ubuntu.com/3739-2/
reference_id USN-3739-2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://usn.ubuntu.com/3739-2/
fixed_packages
0
url pkg:gem/nokogiri@1.8.5
purl pkg:gem/nokogiri@1.8.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-64c1-dzhs-u3gj
3
vulnerability VCID-6r5w-pgkx-v3cb
4
vulnerability VCID-7bpp-2hvk-2udv
5
vulnerability VCID-8geh-vfns-pfgs
6
vulnerability VCID-96v6-vs1m-skf3
7
vulnerability VCID-9hqf-12yh-bkc8
8
vulnerability VCID-9wgc-swf9-z7hq
9
vulnerability VCID-c6hb-sbhx-zqac
10
vulnerability VCID-cbm2-cez4-bqgh
11
vulnerability VCID-eb6k-ppfd-m7a3
12
vulnerability VCID-ek5d-m9pn-3fec
13
vulnerability VCID-ghbk-uumc-dug3
14
vulnerability VCID-gsar-pymk-43hs
15
vulnerability VCID-hzjv-gf8n-jka2
16
vulnerability VCID-jfh3-1sgm-7ug2
17
vulnerability VCID-jqdg-ebz9-t3e9
18
vulnerability VCID-m7km-hbm9-23h4
19
vulnerability VCID-n6za-rwad-tbaq
20
vulnerability VCID-nq12-ryyt-c7g9
21
vulnerability VCID-q732-nexj-1ue6
22
vulnerability VCID-qv3r-ppuc-zycz
23
vulnerability VCID-rsvx-3f49-v3an
24
vulnerability VCID-snr1-kaug-43aa
25
vulnerability VCID-sxp3-vtcq-pugw
26
vulnerability VCID-tdt5-asvh-ryaa
27
vulnerability VCID-txm2-sdc1-7uch
28
vulnerability VCID-u8gx-xbj9-97c7
29
vulnerability VCID-udew-3gre-13hy
30
vulnerability VCID-uf9q-1ds5-wbev
31
vulnerability VCID-vf7b-s3y3-sfhw
32
vulnerability VCID-vhyk-9tbb-quc3
33
vulnerability VCID-w8jf-tsmr-g7cd
34
vulnerability VCID-xd6j-x83x-r3gn
35
vulnerability VCID-y5vb-sn4p-eqd9
36
vulnerability VCID-yeku-1zjh-kbea
37
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.5
aliases CVE-2018-14404, GHSA-6qvp-r6r3-9p7h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bejh-22y7-kuh6
13
url VCID-c6hb-sbhx-zqac
vulnerability_id VCID-c6hb-sbhx-zqac
summary
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-r95h-9x8f-r3f7. This link is maintained to preserve external references.

## Original Description

## Summary

Nokogiri v1.16.5 upgrades its dependency libxml2 to
[2.12.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7) from 2.12.6.

libxml2 v2.12.7 addresses CVE-2024-34459:

- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53

## Impact

There is no impact to Nokogiri users because the issue is present only
in libxml2's `xmllint` tool which Nokogiri does not provide or expose.

## Timeline

- 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced
- 2024-05-13 08:30 EDT, nokogiri maintainers begin triage
- 2024-05-13 10:05 EDT, nokogiri [v1.16.5 is released](https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5)
  and this GHSA made public
references
0
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml
1
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
4
reference_url https://github.com/advisories/GHSA-r3w4-36x6-7r99
reference_id GHSA-r3w4-36x6-7r99
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r3w4-36x6-7r99
fixed_packages
0
url pkg:gem/nokogiri@1.16.5
purl pkg:gem/nokogiri@1.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r5w-pgkx-v3cb
1
vulnerability VCID-jfh3-1sgm-7ug2
2
vulnerability VCID-q732-nexj-1ue6
3
vulnerability VCID-uf9q-1ds5-wbev
4
vulnerability VCID-w8jf-tsmr-g7cd
5
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.5
aliases GHSA-r3w4-36x6-7r99
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6hb-sbhx-zqac
14
url VCID-cbm2-cez4-bqgh
vulnerability_id VCID-cbm2-cez4-bqgh
summary
Use After Free
`valid.c` in libxml2 before 2.9.13 has a use-after-free of `ID` and `IDREF` attributes.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23308
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15524
published_at 2026-04-13T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15601
published_at 2026-04-08T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15656
published_at 2026-04-09T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.15623
published_at 2026-04-11T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.15588
published_at 2026-04-12T12:55:00Z
5
value 0.0005
scoring_system epss
scoring_elements 0.15515
published_at 2026-04-07T12:55:00Z
6
value 0.00052
scoring_system epss
scoring_elements 0.16267
published_at 2026-04-02T12:55:00Z
7
value 0.00052
scoring_system epss
scoring_elements 0.16327
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23308
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
reference_id
reference_type
scores
url https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
5
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
reference_id
reference_type
scores
url https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489
reference_id 1006489
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2056913
reference_id 2056913
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2056913
9
reference_url https://security.archlinux.org/AVG-2726
reference_id AVG-2726
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2726
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23308
reference_id CVE-2022-23308
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-23308
11
reference_url https://security.gentoo.org/glsa/202210-03
reference_id GLSA-202210-03
reference_type
scores
url https://security.gentoo.org/glsa/202210-03
12
reference_url https://access.redhat.com/errata/RHSA-2022:0899
reference_id RHSA-2022:0899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0899
13
reference_url https://access.redhat.com/errata/RHSA-2022:1389
reference_id RHSA-2022:1389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1389
14
reference_url https://access.redhat.com/errata/RHSA-2022:1390
reference_id RHSA-2022:1390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1390
15
reference_url https://usn.ubuntu.com/5324-1/
reference_id USN-5324-1
reference_type
scores
url https://usn.ubuntu.com/5324-1/
16
reference_url https://usn.ubuntu.com/5422-1/
reference_id USN-5422-1
reference_type
scores
url https://usn.ubuntu.com/5422-1/
fixed_packages
0
url pkg:gem/nokogiri@1.13.2
purl pkg:gem/nokogiri@1.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-9wgc-swf9-z7hq
4
vulnerability VCID-c6hb-sbhx-zqac
5
vulnerability VCID-eb6k-ppfd-m7a3
6
vulnerability VCID-ghbk-uumc-dug3
7
vulnerability VCID-gsar-pymk-43hs
8
vulnerability VCID-hzjv-gf8n-jka2
9
vulnerability VCID-jfh3-1sgm-7ug2
10
vulnerability VCID-jqdg-ebz9-t3e9
11
vulnerability VCID-m7km-hbm9-23h4
12
vulnerability VCID-q732-nexj-1ue6
13
vulnerability VCID-snr1-kaug-43aa
14
vulnerability VCID-u8gx-xbj9-97c7
15
vulnerability VCID-udew-3gre-13hy
16
vulnerability VCID-uf9q-1ds5-wbev
17
vulnerability VCID-w8jf-tsmr-g7cd
18
vulnerability VCID-xd6j-x83x-r3gn
19
vulnerability VCID-y5vb-sn4p-eqd9
20
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.2
aliases CVE-2022-23308
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbm2-cez4-bqgh
15
url VCID-eb6k-ppfd-m7a3
vulnerability_id VCID-eb6k-ppfd-m7a3
summary Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40304
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.37101
published_at 2026-04-02T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.4453
published_at 2026-04-13T12:55:00Z
2
value 0.00219
scoring_system epss
scoring_elements 0.44548
published_at 2026-04-04T12:55:00Z
3
value 0.00219
scoring_system epss
scoring_elements 0.44487
published_at 2026-04-07T12:55:00Z
4
value 0.00219
scoring_system epss
scoring_elements 0.44537
published_at 2026-04-08T12:55:00Z
5
value 0.00219
scoring_system epss
scoring_elements 0.44542
published_at 2026-04-09T12:55:00Z
6
value 0.00219
scoring_system epss
scoring_elements 0.44559
published_at 2026-04-11T12:55:00Z
7
value 0.00219
scoring_system epss
scoring_elements 0.44529
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40304
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
7
reference_url https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
reference_id
reference_type
scores
url https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225
reference_id 1022225
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225
9
reference_url http://seclists.org/fulldisclosure/2022/Dec/21
reference_id 21
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url http://seclists.org/fulldisclosure/2022/Dec/21
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2136288
reference_id 2136288
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2136288
11
reference_url http://seclists.org/fulldisclosure/2022/Dec/24
reference_id 24
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url http://seclists.org/fulldisclosure/2022/Dec/24
12
reference_url http://seclists.org/fulldisclosure/2022/Dec/25
reference_id 25
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url http://seclists.org/fulldisclosure/2022/Dec/25
13
reference_url http://seclists.org/fulldisclosure/2022/Dec/26
reference_id 26
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url http://seclists.org/fulldisclosure/2022/Dec/26
14
reference_url http://seclists.org/fulldisclosure/2022/Dec/27
reference_id 27
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url http://seclists.org/fulldisclosure/2022/Dec/27
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40304
reference_id CVE-2022-40304
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-40304
16
reference_url https://security.gentoo.org/glsa/202210-39
reference_id GLSA-202210-39
reference_type
scores
url https://security.gentoo.org/glsa/202210-39
17
reference_url https://support.apple.com/kb/HT213531
reference_id HT213531
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://support.apple.com/kb/HT213531
18
reference_url https://support.apple.com/kb/HT213533
reference_id HT213533
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://support.apple.com/kb/HT213533
19
reference_url https://support.apple.com/kb/HT213534
reference_id HT213534
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://support.apple.com/kb/HT213534
20
reference_url https://support.apple.com/kb/HT213535
reference_id HT213535
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://support.apple.com/kb/HT213535
21
reference_url https://support.apple.com/kb/HT213536
reference_id HT213536
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://support.apple.com/kb/HT213536
22
reference_url https://security.netapp.com/advisory/ntap-20221209-0003/
reference_id ntap-20221209-0003
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://security.netapp.com/advisory/ntap-20221209-0003/
23
reference_url https://access.redhat.com/errata/RHSA-2022:8841
reference_id RHSA-2022:8841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8841
24
reference_url https://access.redhat.com/errata/RHSA-2023:0173
reference_id RHSA-2023:0173
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0173
25
reference_url https://access.redhat.com/errata/RHSA-2023:0338
reference_id RHSA-2023:0338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0338
26
reference_url https://access.redhat.com/errata/RHSA-2024:0413
reference_id RHSA-2024:0413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0413
27
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/tags
reference_id tags
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/tags
28
reference_url https://usn.ubuntu.com/5760-1/
reference_id USN-5760-1
reference_type
scores
url https://usn.ubuntu.com/5760-1/
29
reference_url https://usn.ubuntu.com/5760-2/
reference_id USN-5760-2
reference_type
scores
url https://usn.ubuntu.com/5760-2/
fixed_packages
0
url pkg:gem/nokogiri@1.13.9
purl pkg:gem/nokogiri@1.13.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-6r5w-pgkx-v3cb
2
vulnerability VCID-c6hb-sbhx-zqac
3
vulnerability VCID-eru7-uy2t-d3ef
4
vulnerability VCID-ghbk-uumc-dug3
5
vulnerability VCID-hzjv-gf8n-jka2
6
vulnerability VCID-jfh3-1sgm-7ug2
7
vulnerability VCID-q732-nexj-1ue6
8
vulnerability VCID-uf9q-1ds5-wbev
9
vulnerability VCID-w8jf-tsmr-g7cd
10
vulnerability VCID-y5vb-sn4p-eqd9
11
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.9
aliases CVE-2022-40304
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eb6k-ppfd-m7a3
16
url VCID-ecde-c15q-ukh1
vulnerability_id VCID-ecde-c15q-ukh1
summary
Improper Restriction of Operations within the Bounds of a Memory Buffer
xpointer.c in libxml2 (as used in Apple iOS, OS X, tvOS, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
references
0
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
1
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
2
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
3
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4658
reference_id
reference_type
scores
0
value 0.17714
scoring_system epss
scoring_elements 0.95117
published_at 2026-04-13T12:55:00Z
1
value 0.17714
scoring_system epss
scoring_elements 0.95096
published_at 2026-04-07T12:55:00Z
2
value 0.17714
scoring_system epss
scoring_elements 0.95103
published_at 2026-04-08T12:55:00Z
3
value 0.17714
scoring_system epss
scoring_elements 0.95107
published_at 2026-04-09T12:55:00Z
4
value 0.17714
scoring_system epss
scoring_elements 0.95113
published_at 2026-04-11T12:55:00Z
5
value 0.17714
scoring_system epss
scoring_elements 0.95115
published_at 2026-04-12T12:55:00Z
6
value 0.18099
scoring_system epss
scoring_elements 0.95156
published_at 2026-04-04T12:55:00Z
7
value 0.18099
scoring_system epss
scoring_elements 0.95154
published_at 2026-04-02T12:55:00Z
8
value 0.18099
scoring_system epss
scoring_elements 0.95143
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4658
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
10
reference_url https://github.com/sparklemotion/nokogiri/issues/1615
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1615
11
reference_url https://support.apple.com/HT207141
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT207141
12
reference_url https://support.apple.com/HT207142
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT207142
13
reference_url https://support.apple.com/HT207143
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT207143
14
reference_url https://support.apple.com/HT207170
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.apple.com/HT207170
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1384424
reference_id 1384424
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1384424
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553
reference_id 840553
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553
17
reference_url https://security.archlinux.org/ASA-201611-2
reference_id ASA-201611-2
reference_type
scores
url https://security.archlinux.org/ASA-201611-2
18
reference_url https://security.archlinux.org/AVG-56
reference_id AVG-56
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-56
19
reference_url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html
reference_id CVE-2016-4448.HTML
reference_type
scores
url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4658
reference_id CVE-2016-4658
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4658
21
reference_url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
reference_id CVE-2016-4658.HTML
reference_type
scores
url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
22
reference_url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html
reference_id CVE-2016-5131.HTML
reference_type
scores
url http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html
23
reference_url https://github.com/advisories/GHSA-fr52-4hqw-p27f
reference_id GHSA-fr52-4hqw-p27f
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fr52-4hqw-p27f
24
reference_url https://security.gentoo.org/glsa/201701-37
reference_id GLSA-201701-37
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201701-37
25
reference_url https://access.redhat.com/errata/RHSA-2021:3810
reference_id RHSA-2021:3810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3810
26
reference_url https://usn.ubuntu.com/3235-1/
reference_id USN-3235-1
reference_type
scores
url https://usn.ubuntu.com/3235-1/
fixed_packages
0
url pkg:gem/nokogiri@1.7.1
purl pkg:gem/nokogiri@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-22km-jmtd-yyde
1
vulnerability VCID-365e-j8ta-h7cn
2
vulnerability VCID-3f2w-tgya-x3cc
3
vulnerability VCID-43qu-922g-myca
4
vulnerability VCID-64c1-dzhs-u3gj
5
vulnerability VCID-6r5w-pgkx-v3cb
6
vulnerability VCID-7bpp-2hvk-2udv
7
vulnerability VCID-8geh-vfns-pfgs
8
vulnerability VCID-96v6-vs1m-skf3
9
vulnerability VCID-9hqf-12yh-bkc8
10
vulnerability VCID-9wgc-swf9-z7hq
11
vulnerability VCID-azzy-m5pc-qudn
12
vulnerability VCID-bejh-22y7-kuh6
13
vulnerability VCID-c6hb-sbhx-zqac
14
vulnerability VCID-cbm2-cez4-bqgh
15
vulnerability VCID-eb6k-ppfd-m7a3
16
vulnerability VCID-ek5d-m9pn-3fec
17
vulnerability VCID-ghbk-uumc-dug3
18
vulnerability VCID-gsar-pymk-43hs
19
vulnerability VCID-hzjv-gf8n-jka2
20
vulnerability VCID-jfh3-1sgm-7ug2
21
vulnerability VCID-jqdg-ebz9-t3e9
22
vulnerability VCID-m7km-hbm9-23h4
23
vulnerability VCID-n6za-rwad-tbaq
24
vulnerability VCID-nq12-ryyt-c7g9
25
vulnerability VCID-q732-nexj-1ue6
26
vulnerability VCID-qv3r-ppuc-zycz
27
vulnerability VCID-rsvx-3f49-v3an
28
vulnerability VCID-snr1-kaug-43aa
29
vulnerability VCID-sqa5-8yrd-qyfz
30
vulnerability VCID-sxp3-vtcq-pugw
31
vulnerability VCID-tdt5-asvh-ryaa
32
vulnerability VCID-tn87-vke6-kuf6
33
vulnerability VCID-txm2-sdc1-7uch
34
vulnerability VCID-u8gx-xbj9-97c7
35
vulnerability VCID-udew-3gre-13hy
36
vulnerability VCID-uf9q-1ds5-wbev
37
vulnerability VCID-vf7b-s3y3-sfhw
38
vulnerability VCID-vhyk-9tbb-quc3
39
vulnerability VCID-w8jf-tsmr-g7cd
40
vulnerability VCID-wc4g-sxyq-ubcd
41
vulnerability VCID-xd6j-x83x-r3gn
42
vulnerability VCID-y5vb-sn4p-eqd9
43
vulnerability VCID-yeku-1zjh-kbea
44
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.1
aliases CVE-2016-4658, GHSA-fr52-4hqw-p27f
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecde-c15q-ukh1
17
url VCID-ek5d-m9pn-3fec
vulnerability_id VCID-ek5d-m9pn-3fec
summary
Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3517
reference_id
reference_type
scores
0
value 0.00107
scoring_system epss
scoring_elements 0.2884
published_at 2026-04-13T12:55:00Z
1
value 0.00107
scoring_system epss
scoring_elements 0.28891
published_at 2026-04-12T12:55:00Z
2
value 0.00107
scoring_system epss
scoring_elements 0.28821
published_at 2026-04-07T12:55:00Z
3
value 0.00107
scoring_system epss
scoring_elements 0.2893
published_at 2026-04-09T12:55:00Z
4
value 0.00107
scoring_system epss
scoring_elements 0.28889
published_at 2026-04-08T12:55:00Z
5
value 0.00107
scoring_system epss
scoring_elements 0.28934
published_at 2026-04-11T12:55:00Z
6
value 0.0011
scoring_system epss
scoring_elements 0.29474
published_at 2026-04-04T12:55:00Z
7
value 0.0011
scoring_system epss
scoring_elements 0.29358
published_at 2026-04-01T12:55:00Z
8
value 0.0011
scoring_system epss
scoring_elements 0.29427
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3517
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1954232
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1954232
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579
8
reference_url https://github.com/sparklemotion/nokogiri/issues/2233
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/2233
9
reference_url https://github.com/sparklemotion/nokogiri/issues/2274
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/2274
10
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
11
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
13
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3517
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3517
19
reference_url https://security.netapp.com/advisory/ntap-20210625-0002
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210625-0002
20
reference_url https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://security.netapp.com/advisory/ntap-20210625-0002/
21
reference_url https://security.netapp.com/advisory/ntap-20211022-0004
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20211022-0004
22
reference_url https://security.netapp.com/advisory/ntap-20211022-0004/
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://security.netapp.com/advisory/ntap-20211022-0004/
23
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
24
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
25
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
26
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738
reference_id 987738
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738
28
reference_url https://security.archlinux.org/AVG-1883
reference_id AVG-1883
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1883
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
30
reference_url https://github.com/advisories/GHSA-jw9f-hh49-cvp9
reference_id GHSA-jw9f-hh49-cvp9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jw9f-hh49-cvp9
31
reference_url https://security.gentoo.org/glsa/202107-05
reference_id GLSA-202107-05
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://security.gentoo.org/glsa/202107-05
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
33
reference_url https://access.redhat.com/errata/RHSA-2021:2569
reference_id RHSA-2021:2569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2569
34
reference_url https://access.redhat.com/errata/RHSA-2022:1389
reference_id RHSA-2022:1389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1389
35
reference_url https://access.redhat.com/errata/RHSA-2022:1390
reference_id RHSA-2022:1390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1390
36
reference_url https://usn.ubuntu.com/4991-1/
reference_id USN-4991-1
reference_type
scores
url https://usn.ubuntu.com/4991-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-8geh-vfns-pfgs
4
vulnerability VCID-9wgc-swf9-z7hq
5
vulnerability VCID-c6hb-sbhx-zqac
6
vulnerability VCID-cbm2-cez4-bqgh
7
vulnerability VCID-eb6k-ppfd-m7a3
8
vulnerability VCID-ghbk-uumc-dug3
9
vulnerability VCID-gsar-pymk-43hs
10
vulnerability VCID-hzjv-gf8n-jka2
11
vulnerability VCID-jfh3-1sgm-7ug2
12
vulnerability VCID-jqdg-ebz9-t3e9
13
vulnerability VCID-m7km-hbm9-23h4
14
vulnerability VCID-nq12-ryyt-c7g9
15
vulnerability VCID-q732-nexj-1ue6
16
vulnerability VCID-snr1-kaug-43aa
17
vulnerability VCID-u8gx-xbj9-97c7
18
vulnerability VCID-udew-3gre-13hy
19
vulnerability VCID-uf9q-1ds5-wbev
20
vulnerability VCID-w8jf-tsmr-g7cd
21
vulnerability VCID-xd6j-x83x-r3gn
22
vulnerability VCID-y5vb-sn4p-eqd9
23
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases CVE-2021-3517, GHSA-jw9f-hh49-cvp9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek5d-m9pn-3fec
18
url VCID-ghbk-uumc-dug3
vulnerability_id VCID-ghbk-uumc-dug3
summary
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
## Summary

Nokogiri v1.16.5 upgrades its dependency libxml2 to [2.12.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7) from 2.12.6.

libxml2 v2.12.7 addresses CVE-2024-34459:

- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53


## Impact

There is no impact to Nokogiri users because the issue is present only in libxml2's `xmllint` tool which Nokogiri does not provide or expose.


## Timeline

- 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced
- 2024-05-13 08:30 EDT, nokogiri maintainers begin triage
- 2024-05-13 10:05 EDT, nokogiri [v1.16.5 is released](https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5) and this GHSA made public
references
0
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml
1
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
2
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5
3
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
6
reference_url https://github.com/advisories/GHSA-r95h-9x8f-r3f7
reference_id GHSA-r95h-9x8f-r3f7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r95h-9x8f-r3f7
fixed_packages
0
url pkg:gem/nokogiri@1.16.5
purl pkg:gem/nokogiri@1.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r5w-pgkx-v3cb
1
vulnerability VCID-jfh3-1sgm-7ug2
2
vulnerability VCID-q732-nexj-1ue6
3
vulnerability VCID-uf9q-1ds5-wbev
4
vulnerability VCID-w8jf-tsmr-g7cd
5
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.5
aliases GHSA-r95h-9x8f-r3f7
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghbk-uumc-dug3
19
url VCID-gsar-pymk-43hs
vulnerability_id VCID-gsar-pymk-43hs
summary
Out-of-bounds Write in zlib affects Nokogiri
## Summary

Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032). That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05.

Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.13.4`, and only if the packaged version of `zlib` is being used. Please see [this document](https://nokogiri.org/LICENSE-DEPENDENCIES.html#default-platform-release-ruby) for a complete description of which platform gems vendor `zlib`. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's `zlib` release announcements. 

## Mitigation

Upgrade to Nokogiri `>= v1.13.4`.

## Impact

### [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) in zlib

- **Severity**: High
- **Type**: [CWE-787](https://cwe.mitre.org/data/definitions/787.html) Out of bounds write
- **Description**: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
2
reference_url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-25032
reference_id CVE-2018-25032
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-25032
4
reference_url https://github.com/advisories/GHSA-jc36-42cf-vqwj
reference_id GHSA-jc36-42cf-vqwj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-jc36-42cf-vqwj
5
reference_url https://github.com/advisories/GHSA-v6gp-9mmm-c6p5
reference_id GHSA-v6gp-9mmm-c6p5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v6gp-9mmm-c6p5
6
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
reference_id GHSA-v6gp-9mmm-c6p5
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
fixed_packages
0
url pkg:gem/nokogiri@1.13.4
purl pkg:gem/nokogiri@1.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-c6hb-sbhx-zqac
4
vulnerability VCID-eb6k-ppfd-m7a3
5
vulnerability VCID-ghbk-uumc-dug3
6
vulnerability VCID-hzjv-gf8n-jka2
7
vulnerability VCID-jfh3-1sgm-7ug2
8
vulnerability VCID-m7km-hbm9-23h4
9
vulnerability VCID-q732-nexj-1ue6
10
vulnerability VCID-snr1-kaug-43aa
11
vulnerability VCID-udew-3gre-13hy
12
vulnerability VCID-uf9q-1ds5-wbev
13
vulnerability VCID-w8jf-tsmr-g7cd
14
vulnerability VCID-y5vb-sn4p-eqd9
15
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4
aliases GHSA-v6gp-9mmm-c6p5, GMS-2022-787
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsar-pymk-43hs
20
url VCID-hzjv-gf8n-jka2
vulnerability_id VCID-hzjv-gf8n-jka2
summary
Duplicate Advisory: Use-after-free in libxml2 via Nokogiri::XML::Reader
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xc9x-jj77-9p9j. This link is maintained to preserve external references.

# Original Description

### Summary

Nokogiri upgrades its dependency libxml2 as follows:
- v1.15.6 upgrades libxml2 to 2.11.7 from 2.11.6
- v1.16.2 upgrades libxml2 to 2.12.5 from 2.12.4

libxml2 v2.11.7 and v2.12.5 address the following vulnerability:

CVE-2024-25062 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062
- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970

Please note that this advisory only applies to the CRuby implementation of Nokogiri, and only if
the packaged libraries are being used. If you've overridden defaults at installation time to use
system libraries instead of packaged libraries, you should instead pay attention to your distro's
libxml2 release announcements.

JRuby users are not affected.

### Severity

The Nokogiri maintainers have evaluated this as **Moderate**.

### Impact

From the CVE description, this issue applies to the `xmlTextReader` module (which underlies
`Nokogiri::XML::Reader`):

> When using the XML Reader interface with DTD validation and XInclude expansion enabled,
> processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

### Mitigation

Upgrade to Nokogiri `~> 1.15.6` or `>= 1.16.2`.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile
and link Nokogiri against patched external libxml2 libraries which will also address these same
issues.
references
0
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml
1
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
3
reference_url https://github.com/advisories/GHSA-vcc3-rw6f-jv97
reference_id GHSA-vcc3-rw6f-jv97
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vcc3-rw6f-jv97
fixed_packages
0
url pkg:gem/nokogiri@1.15.6
purl pkg:gem/nokogiri@1.15.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r5w-pgkx-v3cb
1
vulnerability VCID-c6hb-sbhx-zqac
2
vulnerability VCID-ghbk-uumc-dug3
3
vulnerability VCID-jfh3-1sgm-7ug2
4
vulnerability VCID-q732-nexj-1ue6
5
vulnerability VCID-uf9q-1ds5-wbev
6
vulnerability VCID-w8jf-tsmr-g7cd
7
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.15.6
1
url pkg:gem/nokogiri@1.16.2
purl pkg:gem/nokogiri@1.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r5w-pgkx-v3cb
1
vulnerability VCID-c6hb-sbhx-zqac
2
vulnerability VCID-ghbk-uumc-dug3
3
vulnerability VCID-jfh3-1sgm-7ug2
4
vulnerability VCID-q732-nexj-1ue6
5
vulnerability VCID-uf9q-1ds5-wbev
6
vulnerability VCID-w8jf-tsmr-g7cd
7
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.2
aliases GHSA-vcc3-rw6f-jv97
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hzjv-gf8n-jka2
21
url VCID-jfh3-1sgm-7ug2
vulnerability_id VCID-jfh3-1sgm-7ug2
summary
Nokogiri does not check the return value from xmlC14NExecute
## Summary

Nokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the methods `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.

JRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.

## Mitigation

Upgrade to Nokogiri `>= 1.19.1`.

## Severity

The maintainers have assessed this as **Medium** severity. Nokogiri itself is a parsing library without a clear security boundary related to canonicalization, so the direct impact is that a method returns incorrect data on invalid input. However, this behavior was exploited in practice to bypass SAML signature validation in downstream libraries (see References).

## Credit

This vulnerability was responsibly reported by HackerOne researcher `d4d`.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
2
reference_url https://github.com/advisories/GHSA-wx95-c6cv-8532
reference_id GHSA-wx95-c6cv-8532
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wx95-c6cv-8532
fixed_packages
0
url pkg:gem/nokogiri@1.19.1
purl pkg:gem/nokogiri@1.19.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.19.1
aliases GHSA-wx95-c6cv-8532
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfh3-1sgm-7ug2
22
url VCID-jqdg-ebz9-t3e9
vulnerability_id VCID-jqdg-ebz9-t3e9
summary
XML Injection in Xerces Java affects Nokogiri
## Summary

Nokogiri v1.13.4 updates the vendored `xerces:xercesImpl` from 2.12.0 to 2.12.2, which addresses [CVE-2022-23437](https://nvd.nist.gov/vuln/detail/CVE-2022-23437). That CVE is scored as CVSS 6.5 "Medium" on the NVD record.

Please note that this advisory only applies to the **JRuby** implementation of Nokogiri `< 1.13.4`.

## Mitigation

Upgrade to Nokogiri `>= v1.13.4`.

## Impact

### [CVE-2022-23437](https://nvd.nist.gov/vuln/detail/CVE-2022-23437) in xerces-J

- **Severity**: Medium
- **Type**: [CWE-91](https://cwe.mitre.org/data/definitions/91.html) XML Injection (aka Blind XPath Injection)
- **Description**: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for a prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.
- **See also**: https://github.com/advisories/GHSA-h65f-jvqw-m9fj
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
2
reference_url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23437
reference_id CVE-2022-23437
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23437
4
reference_url https://github.com/advisories/GHSA-h65f-jvqw-m9fj
reference_id GHSA-h65f-jvqw-m9fj
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-h65f-jvqw-m9fj
5
reference_url https://github.com/advisories/GHSA-xxx9-3xcr-gjj3
reference_id GHSA-xxx9-3xcr-gjj3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxx9-3xcr-gjj3
6
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
reference_id GHSA-xxx9-3xcr-gjj3
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
fixed_packages
0
url pkg:gem/nokogiri@1.13.4
purl pkg:gem/nokogiri@1.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-c6hb-sbhx-zqac
4
vulnerability VCID-eb6k-ppfd-m7a3
5
vulnerability VCID-ghbk-uumc-dug3
6
vulnerability VCID-hzjv-gf8n-jka2
7
vulnerability VCID-jfh3-1sgm-7ug2
8
vulnerability VCID-m7km-hbm9-23h4
9
vulnerability VCID-q732-nexj-1ue6
10
vulnerability VCID-snr1-kaug-43aa
11
vulnerability VCID-udew-3gre-13hy
12
vulnerability VCID-uf9q-1ds5-wbev
13
vulnerability VCID-w8jf-tsmr-g7cd
14
vulnerability VCID-y5vb-sn4p-eqd9
15
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4
aliases GHSA-xxx9-3xcr-gjj3, GMS-2022-788
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqdg-ebz9-t3e9
23
url VCID-m7km-hbm9-23h4
vulnerability_id VCID-m7km-hbm9-23h4
summary
Integer Overflow or Wraparound in libxml2 affects Nokogiri
### Summary

Nokogiri v1.13.5 upgrades the packaged version of its dependency libxml2 from v2.9.13 to [v2.9.14](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14).

libxml2 v2.9.14 addresses [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824). This version also includes several security-related bug fixes for which CVEs were not created, including a potential double-free, potential memory leaks, and an integer overflow.

Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.13.5`, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` and `libxslt` release announcements.


### Mitigation

Upgrade to Nokogiri `>= 1.13.5`.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against external libraries libxml2 `>= 2.9.14` which will also address these same issues.


### Impact

#### libxml2 [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824)

- **CVSS3 score**:
  - Unspecified upstream
  - Nokogiri maintainers evaluate at 8.6 (High) ([CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)). Note that this is different from the CVSS assessed by NVD.
- **Type**: Denial of service, information disclosure
- **Description**: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a24

All versions of libxml2 prior to v2.9.14 are affected.

Applications parsing or serializing multi-gigabyte documents (in excess of INT_MAX bytes) may be vulnerable to an integer overflow bug in buffer handling that could lead to exposure of confidential data, modification of unrelated data, or a segmentation fault resulting in a denial-of-service.


### References

- [libxml2 v2.9.14 release notes](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14)
- [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824)
- [CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer](https://cwe.mitre.org/data/definitions/119.html)
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements
1
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
2
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.9.14
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29824
reference_id CVE-2022-29824
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29824
4
reference_url https://github.com/advisories/GHSA-cgx6-hpwq-fhv5
reference_id GHSA-cgx6-hpwq-fhv5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cgx6-hpwq-fhv5
fixed_packages
0
url pkg:gem/nokogiri@1.13.5
purl pkg:gem/nokogiri@1.13.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-c6hb-sbhx-zqac
4
vulnerability VCID-eb6k-ppfd-m7a3
5
vulnerability VCID-ghbk-uumc-dug3
6
vulnerability VCID-hzjv-gf8n-jka2
7
vulnerability VCID-jfh3-1sgm-7ug2
8
vulnerability VCID-q732-nexj-1ue6
9
vulnerability VCID-snr1-kaug-43aa
10
vulnerability VCID-udew-3gre-13hy
11
vulnerability VCID-uf9q-1ds5-wbev
12
vulnerability VCID-w8jf-tsmr-g7cd
13
vulnerability VCID-y5vb-sn4p-eqd9
14
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.5
aliases GHSA-cgx6-hpwq-fhv5, GMS-2022-1438
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7km-hbm9-23h4
24
url VCID-n6za-rwad-tbaq
vulnerability_id VCID-n6za-rwad-tbaq
summary
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12
### Summary

Nokogiri v1.11.4 updates the vendored libxml2 from v2.9.10 to v2.9.12 which addresses:

- [CVE-2019-20388](https://security.archlinux.org/CVE-2019-20388) (Medium severity)
- [CVE-2020-24977](https://security.archlinux.org/CVE-2020-24977) (Medium severity)
- [CVE-2021-3517](https://security.archlinux.org/CVE-2021-3517) (Medium severity)
- [CVE-2021-3518](https://security.archlinux.org/CVE-2021-3518) (Medium severity)
- [CVE-2021-3537](https://security.archlinux.org/CVE-2021-3537) (Low severity)
- [CVE-2021-3541](https://security.archlinux.org/CVE-2021-3541) (Low severity)

Note that two additional CVEs were addressed upstream but are not relevant to this release. [CVE-2021-3516](https://security.archlinux.org/CVE-2021-3516) via `xmllint` is not present in Nokogiri, and [CVE-2020-7595](https://security.archlinux.org/CVE-2020-7595) has been patched in Nokogiri since v1.10.8 (see #1992).

Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.11.4`, and only if the packaged version of libxml2 is being used. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements.


### Mitigation

Upgrade to Nokogiri `>= 1.11.4`.


### Impact

I've done a brief analysis of the published CVEs that are addressed in this upstream release. The libxml2 maintainers have not released a canonical set of CVEs, and so this list is pieced together from secondary sources and may be incomplete.

All information below is sourced from [security.archlinux.org](https://security.archlinux.org), which appears to have the most up-to-date information as of this analysis.

#### [CVE-2019-20388](https://security.archlinux.org/CVE-2019-20388)

- **Severity**: Medium
- **Type**: Denial of service
- **Description**: A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service.
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4.


#### [CVE-2020-7595](https://security.archlinux.org/CVE-2020-7595)

- **Severity**: Medium
- **Type**: Denial of service
- **Description**: xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5

This has been patched in Nokogiri since v1.10.8 (see #1992).


#### [CVE-2020-24977](https://security.archlinux.org/CVE-2020-24977)

- **Severity**: Medium
- **Type**: Information disclosure
- **Description**: GNOME project libxml2 <= 2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4.


#### [CVE-2021-3516](https://security.archlinux.org/CVE-2021-3516)

- **Severity**: Medium
- **Type**: Arbitrary code execution (no remote vector)
- **Description**: A use-after-free security issue was found in libxml2 before version 2.9.11 when "xmllint --html --push" is used to process crafted files.
- **Issue**: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539

Verified that the fix commit first appears in v2.9.11. This vector does not exist within Nokogiri, which does not ship `xmllint`.


#### [CVE-2021-3517](https://security.archlinux.org/CVE-2021-3517)

- **Severity**: Medium
- **Type**: Arbitrary code execution
- **Description**: A heap-based buffer overflow was found in libxml2 before version 2.9.11 when processing truncated UTF-8 input.
- **Issue**: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4.


#### [CVE-2021-3518](https://security.archlinux.org/CVE-2021-3518)

- **Severity**: Medium
- **Type**: Arbitrary code execution
- **Description**: A use-after-free security issue was found in libxml2 before version 2.9.11 in xmlXIncludeDoProcess() in xinclude.c when processing crafted files.
- **Issue**: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4.


#### [CVE-2021-3537](https://security.archlinux.org/CVE-2021-3537)

- **Severity**: Low
- **Type**: Denial of service
- **Description**: It was found that libxml2 before version 2.9.11 did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application.
- **Issue**: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4.


#### [CVE-2021-3541](https://security.archlinux.org/CVE-2021-3541)

- **Severity**: Low
- **Type**: Denial of service
- **Description**: A security issue was found in libxml2 before version 2.9.11. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.
- **Fixed**: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e

Verified that the fix commit first appears in v2.9.11. It seems possible that this issue would be present in programs using Nokogiri < v1.11.4; however, Nokogiri's default parse options prevent the attack from succeeding (it is necessary to opt into `DTDLOAD`, which is off by default).

For more details supporting this analysis of this CVE, please visit #2233.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/commit/9b90a8854f74b5f672a437ba0043a503bc259d1b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/9b90a8854f74b5f672a437ba0043a503bc259d1b
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3541
reference_id CVE-2021-3541
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3541
4
reference_url https://github.com/advisories/GHSA-7rrm-v45f-jp64
reference_id GHSA-7rrm-v45f-jp64
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7rrm-v45f-jp64
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-8geh-vfns-pfgs
4
vulnerability VCID-9wgc-swf9-z7hq
5
vulnerability VCID-c6hb-sbhx-zqac
6
vulnerability VCID-cbm2-cez4-bqgh
7
vulnerability VCID-eb6k-ppfd-m7a3
8
vulnerability VCID-ghbk-uumc-dug3
9
vulnerability VCID-gsar-pymk-43hs
10
vulnerability VCID-hzjv-gf8n-jka2
11
vulnerability VCID-jfh3-1sgm-7ug2
12
vulnerability VCID-jqdg-ebz9-t3e9
13
vulnerability VCID-m7km-hbm9-23h4
14
vulnerability VCID-nq12-ryyt-c7g9
15
vulnerability VCID-q732-nexj-1ue6
16
vulnerability VCID-snr1-kaug-43aa
17
vulnerability VCID-u8gx-xbj9-97c7
18
vulnerability VCID-udew-3gre-13hy
19
vulnerability VCID-uf9q-1ds5-wbev
20
vulnerability VCID-w8jf-tsmr-g7cd
21
vulnerability VCID-xd6j-x83x-r3gn
22
vulnerability VCID-y5vb-sn4p-eqd9
23
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases GHSA-7rrm-v45f-jp64, GMS-2021-171
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6za-rwad-tbaq
25
url VCID-nq12-ryyt-c7g9
vulnerability_id VCID-nq12-ryyt-c7g9
summary Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in nokogiri.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/advisories/GHSA-fq42-c5rg-92c2
reference_id GHSA-fq42-c5rg-92c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fq42-c5rg-92c2
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
reference_id GHSA-fq42-c5rg-92c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
fixed_packages
0
url pkg:gem/nokogiri@1.13.2
purl pkg:gem/nokogiri@1.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-9wgc-swf9-z7hq
4
vulnerability VCID-c6hb-sbhx-zqac
5
vulnerability VCID-eb6k-ppfd-m7a3
6
vulnerability VCID-ghbk-uumc-dug3
7
vulnerability VCID-gsar-pymk-43hs
8
vulnerability VCID-hzjv-gf8n-jka2
9
vulnerability VCID-jfh3-1sgm-7ug2
10
vulnerability VCID-jqdg-ebz9-t3e9
11
vulnerability VCID-m7km-hbm9-23h4
12
vulnerability VCID-q732-nexj-1ue6
13
vulnerability VCID-snr1-kaug-43aa
14
vulnerability VCID-u8gx-xbj9-97c7
15
vulnerability VCID-udew-3gre-13hy
16
vulnerability VCID-uf9q-1ds5-wbev
17
vulnerability VCID-w8jf-tsmr-g7cd
18
vulnerability VCID-xd6j-x83x-r3gn
19
vulnerability VCID-y5vb-sn4p-eqd9
20
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.2
aliases GHSA-fq42-c5rg-92c2, GMS-2022-163
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nq12-ryyt-c7g9
26
url VCID-q732-nexj-1ue6
vulnerability_id VCID-q732-nexj-1ue6
summary
Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-vvfq-8hwr-qm4m. This link is maintained to preserve external references.

# Original Description

## Summary

Nokogiri v1.18.3 upgrades its dependency libxml2 to
[v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).

libxml2 v2.13.6 addresses:

- CVE-2025-24928
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
- CVE-2024-56171
   - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

## Impact

### CVE-2025-24928

Stack-buffer overflow is possible when reporting DTD validation
errors if the input contains a long (~3kb) QName prefix.

### CVE-2024-56171

Use-after-free is possible during validation against untrusted
XML Schemas (.xsd) and, potentially, validation of untrusted documents
against trusted Schemas if they make use of `xsd:keyref` in combination
with recursively defined types that have additional identity constraints.
references
0
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml
1
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m
3
reference_url https://github.com/advisories/GHSA-5mwf-688x-mr7x
reference_id GHSA-5mwf-688x-mr7x
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mwf-688x-mr7x
fixed_packages
0
url pkg:gem/nokogiri@1.18.3
purl pkg:gem/nokogiri@1.18.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r5w-pgkx-v3cb
1
vulnerability VCID-jfh3-1sgm-7ug2
2
vulnerability VCID-uf9q-1ds5-wbev
3
vulnerability VCID-w8jf-tsmr-g7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.3
aliases GHSA-5mwf-688x-mr7x
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q732-nexj-1ue6
27
url VCID-qv3r-ppuc-zycz
vulnerability_id VCID-qv3r-ppuc-zycz
summary
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7595
reference_id
reference_type
scores
0
value 0.00473
scoring_system epss
scoring_elements 0.64712
published_at 2026-04-13T12:55:00Z
1
value 0.00473
scoring_system epss
scoring_elements 0.6472
published_at 2026-04-08T12:55:00Z
2
value 0.00473
scoring_system epss
scoring_elements 0.64672
published_at 2026-04-07T12:55:00Z
3
value 0.00473
scoring_system epss
scoring_elements 0.64751
published_at 2026-04-11T12:55:00Z
4
value 0.00473
scoring_system epss
scoring_elements 0.6474
published_at 2026-04-12T12:55:00Z
5
value 0.00473
scoring_system epss
scoring_elements 0.64734
published_at 2026-04-09T12:55:00Z
6
value 0.00487
scoring_system epss
scoring_elements 0.65326
published_at 2026-04-01T12:55:00Z
7
value 0.00487
scoring_system epss
scoring_elements 0.65375
published_at 2026-04-02T12:55:00Z
8
value 0.00487
scoring_system epss
scoring_elements 0.65401
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7595
3
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml
7
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
8
reference_url https://github.com/sparklemotion/nokogiri/issues/1992
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1992
9
reference_url https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
10
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7595
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7595
18
reference_url https://security.gentoo.org/glsa/202010-04
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://security.gentoo.org/glsa/202010-04
19
reference_url https://security.netapp.com/advisory/ntap-20200702-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200702-0005
20
reference_url https://security.netapp.com/advisory/ntap-20200702-0005/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://security.netapp.com/advisory/ntap-20200702-0005/
21
reference_url https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
22
reference_url https://usn.ubuntu.com/4274-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4274-1
23
reference_url https://usn.ubuntu.com/4274-1/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://usn.ubuntu.com/4274-1/
24
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
25
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpujul2020.html
26
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
27
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
28
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1799786
reference_id 1799786
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1799786
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
reference_id 545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
reference_id 5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
31
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582
reference_id 949582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582
32
reference_url https://security.archlinux.org/ASA-202011-15
reference_id ASA-202011-15
reference_type
scores
url https://security.archlinux.org/ASA-202011-15
33
reference_url https://security.archlinux.org/AVG-1263
reference_id AVG-1263
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1263
34
reference_url https://github.com/advisories/GHSA-7553-jr98-vx47
reference_id GHSA-7553-jr98-vx47
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7553-jr98-vx47
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
reference_id JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
36
reference_url https://access.redhat.com/errata/RHSA-2020:2644
reference_id RHSA-2020:2644
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2644
37
reference_url https://access.redhat.com/errata/RHSA-2020:2646
reference_id RHSA-2020:2646
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2646
38
reference_url https://access.redhat.com/errata/RHSA-2020:3996
reference_id RHSA-2020:3996
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3996
39
reference_url https://access.redhat.com/errata/RHSA-2020:4479
reference_id RHSA-2020:4479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4479
40
reference_url https://access.redhat.com/errata/RHSA-2021:0949
reference_id RHSA-2021:0949
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0949
fixed_packages
0
url pkg:gem/nokogiri@1.10.8
purl pkg:gem/nokogiri@1.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-7bpp-2hvk-2udv
4
vulnerability VCID-8geh-vfns-pfgs
5
vulnerability VCID-9hqf-12yh-bkc8
6
vulnerability VCID-9wgc-swf9-z7hq
7
vulnerability VCID-c6hb-sbhx-zqac
8
vulnerability VCID-cbm2-cez4-bqgh
9
vulnerability VCID-eb6k-ppfd-m7a3
10
vulnerability VCID-ek5d-m9pn-3fec
11
vulnerability VCID-ghbk-uumc-dug3
12
vulnerability VCID-gsar-pymk-43hs
13
vulnerability VCID-hzjv-gf8n-jka2
14
vulnerability VCID-jfh3-1sgm-7ug2
15
vulnerability VCID-jqdg-ebz9-t3e9
16
vulnerability VCID-m7km-hbm9-23h4
17
vulnerability VCID-n6za-rwad-tbaq
18
vulnerability VCID-nq12-ryyt-c7g9
19
vulnerability VCID-q732-nexj-1ue6
20
vulnerability VCID-rsvx-3f49-v3an
21
vulnerability VCID-snr1-kaug-43aa
22
vulnerability VCID-u8gx-xbj9-97c7
23
vulnerability VCID-udew-3gre-13hy
24
vulnerability VCID-uf9q-1ds5-wbev
25
vulnerability VCID-vf7b-s3y3-sfhw
26
vulnerability VCID-vhyk-9tbb-quc3
27
vulnerability VCID-w8jf-tsmr-g7cd
28
vulnerability VCID-xd6j-x83x-r3gn
29
vulnerability VCID-y5vb-sn4p-eqd9
30
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.8
aliases CVE-2020-7595, GHSA-7553-jr98-vx47
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qv3r-ppuc-zycz
28
url VCID-rsvx-3f49-v3an
vulnerability_id VCID-rsvx-3f49-v3an
summary
Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)
A flaw was found in libxml2. By exploiting an exponential entity expansion attack, it is possible to bypass all existing protection mechanisms, leading to a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3541
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18918
published_at 2026-04-01T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.1887
published_at 2026-04-13T12:55:00Z
2
value 0.0006
scoring_system epss
scoring_elements 0.18968
published_at 2026-04-11T12:55:00Z
3
value 0.0006
scoring_system epss
scoring_elements 0.18921
published_at 2026-04-12T12:55:00Z
4
value 0.0006
scoring_system epss
scoring_elements 0.19054
published_at 2026-04-02T12:55:00Z
5
value 0.0006
scoring_system epss
scoring_elements 0.19106
published_at 2026-04-04T12:55:00Z
6
value 0.0006
scoring_system epss
scoring_elements 0.18828
published_at 2026-04-07T12:55:00Z
7
value 0.0006
scoring_system epss
scoring_elements 0.18907
published_at 2026-04-08T12:55:00Z
8
value 0.0006
scoring_system epss
scoring_elements 0.18962
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3541
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1950515
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1950515
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://security.netapp.com/advisory/ntap-20210805-0007/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210805-0007/
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603
reference_id 988603
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603
7
reference_url https://security.archlinux.org/AVG-1883
reference_id AVG-1883
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1883
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3541
reference_id CVE-2021-3541
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3541
9
reference_url https://security.gentoo.org/glsa/202107-05
reference_id GLSA-202107-05
reference_type
scores
url https://security.gentoo.org/glsa/202107-05
10
reference_url https://access.redhat.com/errata/RHSA-2021:2569
reference_id RHSA-2021:2569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2569
11
reference_url https://access.redhat.com/errata/RHSA-2022:1389
reference_id RHSA-2022:1389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1389
12
reference_url https://access.redhat.com/errata/RHSA-2022:1390
reference_id RHSA-2022:1390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1390
13
reference_url https://usn.ubuntu.com/4991-1/
reference_id USN-4991-1
reference_type
scores
url https://usn.ubuntu.com/4991-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-8geh-vfns-pfgs
4
vulnerability VCID-9wgc-swf9-z7hq
5
vulnerability VCID-c6hb-sbhx-zqac
6
vulnerability VCID-cbm2-cez4-bqgh
7
vulnerability VCID-eb6k-ppfd-m7a3
8
vulnerability VCID-ghbk-uumc-dug3
9
vulnerability VCID-gsar-pymk-43hs
10
vulnerability VCID-hzjv-gf8n-jka2
11
vulnerability VCID-jfh3-1sgm-7ug2
12
vulnerability VCID-jqdg-ebz9-t3e9
13
vulnerability VCID-m7km-hbm9-23h4
14
vulnerability VCID-nq12-ryyt-c7g9
15
vulnerability VCID-q732-nexj-1ue6
16
vulnerability VCID-snr1-kaug-43aa
17
vulnerability VCID-u8gx-xbj9-97c7
18
vulnerability VCID-udew-3gre-13hy
19
vulnerability VCID-uf9q-1ds5-wbev
20
vulnerability VCID-w8jf-tsmr-g7cd
21
vulnerability VCID-xd6j-x83x-r3gn
22
vulnerability VCID-y5vb-sn4p-eqd9
23
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases CVE-2021-3541
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rsvx-3f49-v3an
29
url VCID-snr1-kaug-43aa
vulnerability_id VCID-snr1-kaug-43aa
summary Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29181
reference_id
reference_type
scores
0
value 0.04183
scoring_system epss
scoring_elements 0.88682
published_at 2026-04-07T12:55:00Z
1
value 0.04183
scoring_system epss
scoring_elements 0.8871
published_at 2026-04-13T12:55:00Z
2
value 0.04183
scoring_system epss
scoring_elements 0.88717
published_at 2026-04-11T12:55:00Z
3
value 0.04183
scoring_system epss
scoring_elements 0.88705
published_at 2026-04-09T12:55:00Z
4
value 0.04183
scoring_system epss
scoring_elements 0.88699
published_at 2026-04-08T12:55:00Z
5
value 0.04293
scoring_system epss
scoring_elements 0.88835
published_at 2026-04-04T12:55:00Z
6
value 0.04293
scoring_system epss
scoring_elements 0.88819
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29181
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181
3
reference_url http://seclists.org/fulldisclosure/2022/Dec/23
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2022/Dec/23
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/
url https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
8
reference_url https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/
url https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
9
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
10
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29181
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29181
12
reference_url https://security.gentoo.org/glsa/202208-29
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-29
13
reference_url https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/
url https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
14
reference_url https://support.apple.com/kb/HT213532
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT213532
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2088684
reference_id 2088684
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2088684
16
reference_url https://github.com/advisories/GHSA-xh29-r2w5-wx8m
reference_id GHSA-xh29-r2w5-wx8m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh29-r2w5-wx8m
17
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
18
reference_url https://usn.ubuntu.com/7659-1/
reference_id USN-7659-1
reference_type
scores
url https://usn.ubuntu.com/7659-1/
fixed_packages
0
url pkg:gem/nokogiri@1.13.6
purl pkg:gem/nokogiri@1.13.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-c6hb-sbhx-zqac
4
vulnerability VCID-eb6k-ppfd-m7a3
5
vulnerability VCID-ghbk-uumc-dug3
6
vulnerability VCID-hzjv-gf8n-jka2
7
vulnerability VCID-jfh3-1sgm-7ug2
8
vulnerability VCID-q732-nexj-1ue6
9
vulnerability VCID-udew-3gre-13hy
10
vulnerability VCID-uf9q-1ds5-wbev
11
vulnerability VCID-w8jf-tsmr-g7cd
12
vulnerability VCID-y5vb-sn4p-eqd9
13
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.6
aliases CVE-2022-29181, GHSA-xh29-r2w5-wx8m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snr1-kaug-43aa
30
url VCID-sqa5-8yrd-qyfz
vulnerability_id VCID-sqa5-8yrd-qyfz
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In the Loofah gem for Ruby, denylisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8048.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8048.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8048
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.71756
published_at 2026-04-13T12:55:00Z
1
value 0.00689
scoring_system epss
scoring_elements 0.71728
published_at 2026-04-02T12:55:00Z
2
value 0.00689
scoring_system epss
scoring_elements 0.71721
published_at 2026-04-01T12:55:00Z
3
value 0.00689
scoring_system epss
scoring_elements 0.71747
published_at 2026-04-04T12:55:00Z
4
value 0.00689
scoring_system epss
scoring_elements 0.71716
published_at 2026-04-07T12:55:00Z
5
value 0.00689
scoring_system epss
scoring_elements 0.71755
published_at 2026-04-08T12:55:00Z
6
value 0.00689
scoring_system epss
scoring_elements 0.71766
published_at 2026-04-09T12:55:00Z
7
value 0.00689
scoring_system epss
scoring_elements 0.71774
published_at 2026-04-12T12:55:00Z
8
value 0.00689
scoring_system epss
scoring_elements 0.7179
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8048
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-x7rv-cr6v-4vm4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-x7rv-cr6v-4vm4
5
reference_url https://github.com/flavorjones/loofah
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/flavorjones/loofah
6
reference_url https://github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116
7
reference_url https://github.com/flavorjones/loofah/issues/144
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/flavorjones/loofah/issues/144
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.yml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.yml
10
reference_url https://github.com/sparklemotion/nokogiri/pull/1746
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/pull/1746
11
reference_url https://security.netapp.com/advisory/ntap-20191122-0003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191122-0003
12
reference_url https://security.netapp.com/advisory/ntap-20191122-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191122-0003/
13
reference_url https://www.debian.org/security/2018/dsa-4171
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4171
14
reference_url http://www.openwall.com/lists/oss-security/2018/03/19/5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2018/03/19/5
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1559071
reference_id 1559071
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1559071
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596
reference_id 893596
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8048
reference_id CVE-2018-8048
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8048
fixed_packages
0
url pkg:gem/nokogiri@1.8.3
purl pkg:gem/nokogiri@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-64c1-dzhs-u3gj
3
vulnerability VCID-6r5w-pgkx-v3cb
4
vulnerability VCID-7bpp-2hvk-2udv
5
vulnerability VCID-8geh-vfns-pfgs
6
vulnerability VCID-96v6-vs1m-skf3
7
vulnerability VCID-9hqf-12yh-bkc8
8
vulnerability VCID-9wgc-swf9-z7hq
9
vulnerability VCID-bejh-22y7-kuh6
10
vulnerability VCID-c6hb-sbhx-zqac
11
vulnerability VCID-cbm2-cez4-bqgh
12
vulnerability VCID-eb6k-ppfd-m7a3
13
vulnerability VCID-ek5d-m9pn-3fec
14
vulnerability VCID-ghbk-uumc-dug3
15
vulnerability VCID-gsar-pymk-43hs
16
vulnerability VCID-hzjv-gf8n-jka2
17
vulnerability VCID-jfh3-1sgm-7ug2
18
vulnerability VCID-jqdg-ebz9-t3e9
19
vulnerability VCID-m7km-hbm9-23h4
20
vulnerability VCID-n6za-rwad-tbaq
21
vulnerability VCID-nq12-ryyt-c7g9
22
vulnerability VCID-q732-nexj-1ue6
23
vulnerability VCID-qv3r-ppuc-zycz
24
vulnerability VCID-rsvx-3f49-v3an
25
vulnerability VCID-snr1-kaug-43aa
26
vulnerability VCID-sxp3-vtcq-pugw
27
vulnerability VCID-tdt5-asvh-ryaa
28
vulnerability VCID-txm2-sdc1-7uch
29
vulnerability VCID-u8gx-xbj9-97c7
30
vulnerability VCID-udew-3gre-13hy
31
vulnerability VCID-uf9q-1ds5-wbev
32
vulnerability VCID-vf7b-s3y3-sfhw
33
vulnerability VCID-vhyk-9tbb-quc3
34
vulnerability VCID-w8jf-tsmr-g7cd
35
vulnerability VCID-xd6j-x83x-r3gn
36
vulnerability VCID-y5vb-sn4p-eqd9
37
vulnerability VCID-yeku-1zjh-kbea
38
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.3
aliases CVE-2018-8048, GHSA-x7rv-cr6v-4vm4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sqa5-8yrd-qyfz
31
url VCID-sxp3-vtcq-pugw
vulnerability_id VCID-sxp3-vtcq-pugw
summary
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.

Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.34, which contains a patch for this issue.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
4
reference_url https://access.redhat.com/errata/RHSA-2020:0514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0514
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18197
reference_id
reference_type
scores
0
value 0.04534
scoring_system epss
scoring_elements 0.89173
published_at 2026-04-12T12:55:00Z
1
value 0.04534
scoring_system epss
scoring_elements 0.89177
published_at 2026-04-11T12:55:00Z
2
value 0.04534
scoring_system epss
scoring_elements 0.89167
published_at 2026-04-09T12:55:00Z
3
value 0.04534
scoring_system epss
scoring_elements 0.89161
published_at 2026-04-08T12:55:00Z
4
value 0.04534
scoring_system epss
scoring_elements 0.89143
published_at 2026-04-07T12:55:00Z
5
value 0.04534
scoring_system epss
scoring_elements 0.89141
published_at 2026-04-04T12:55:00Z
6
value 0.04534
scoring_system epss
scoring_elements 0.89126
published_at 2026-04-02T12:55:00Z
7
value 0.04534
scoring_system epss
scoring_elements 0.89118
published_at 2026-04-01T12:55:00Z
8
value 0.04534
scoring_system epss
scoring_elements 0.89171
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18197
7
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
8
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
9
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
11
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml
13
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
14
reference_url https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934
15
reference_url https://github.com/sparklemotion/nokogiri/issues/1943
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1943
16
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
17
reference_url https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18197
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:P/I:P/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18197
19
reference_url https://security.netapp.com/advisory/ntap-20191031-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191031-0004
20
reference_url https://security.netapp.com/advisory/ntap-20191031-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191031-0004/
21
reference_url https://security.netapp.com/advisory/ntap-20200416-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200416-0004
22
reference_url https://security.netapp.com/advisory/ntap-20200416-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200416-0004/
23
reference_url https://usn.ubuntu.com/4164-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4164-1
24
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
25
reference_url http://www.openwall.com/lists/oss-security/2019/11/17/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/11/17/2
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1770768
reference_id 1770768
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1770768
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646
reference_id 942646
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646
28
reference_url https://security.archlinux.org/ASA-202002-3
reference_id ASA-202002-3
reference_type
scores
url https://security.archlinux.org/ASA-202002-3
29
reference_url https://security.archlinux.org/AVG-1092
reference_id AVG-1092
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1092
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*
reference_id cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
39
reference_url https://github.com/advisories/GHSA-242x-7cm6-4w8j
reference_id GHSA-242x-7cm6-4w8j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-242x-7cm6-4w8j
40
reference_url https://access.redhat.com/errata/RHSA-2020:4005
reference_id RHSA-2020:4005
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4005
41
reference_url https://access.redhat.com/errata/RHSA-2020:4464
reference_id RHSA-2020:4464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4464
42
reference_url https://usn.ubuntu.com/4164-1/
reference_id USN-4164-1
reference_type
scores
url https://usn.ubuntu.com/4164-1/
fixed_packages
0
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-7bpp-2hvk-2udv
4
vulnerability VCID-8geh-vfns-pfgs
5
vulnerability VCID-9hqf-12yh-bkc8
6
vulnerability VCID-9wgc-swf9-z7hq
7
vulnerability VCID-c6hb-sbhx-zqac
8
vulnerability VCID-cbm2-cez4-bqgh
9
vulnerability VCID-eb6k-ppfd-m7a3
10
vulnerability VCID-ek5d-m9pn-3fec
11
vulnerability VCID-ghbk-uumc-dug3
12
vulnerability VCID-gsar-pymk-43hs
13
vulnerability VCID-hzjv-gf8n-jka2
14
vulnerability VCID-jfh3-1sgm-7ug2
15
vulnerability VCID-jqdg-ebz9-t3e9
16
vulnerability VCID-m7km-hbm9-23h4
17
vulnerability VCID-n6za-rwad-tbaq
18
vulnerability VCID-nq12-ryyt-c7g9
19
vulnerability VCID-q732-nexj-1ue6
20
vulnerability VCID-qv3r-ppuc-zycz
21
vulnerability VCID-rsvx-3f49-v3an
22
vulnerability VCID-snr1-kaug-43aa
23
vulnerability VCID-u8gx-xbj9-97c7
24
vulnerability VCID-udew-3gre-13hy
25
vulnerability VCID-uf9q-1ds5-wbev
26
vulnerability VCID-vf7b-s3y3-sfhw
27
vulnerability VCID-vhyk-9tbb-quc3
28
vulnerability VCID-w8jf-tsmr-g7cd
29
vulnerability VCID-xd6j-x83x-r3gn
30
vulnerability VCID-y5vb-sn4p-eqd9
31
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-18197, GHSA-242x-7cm6-4w8j
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sxp3-vtcq-pugw
32
url VCID-tdt5-asvh-ryaa
vulnerability_id VCID-tdt5-asvh-ryaa
summary
Bypass of a protection mechanism in libxslt
The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html
4
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11068
reference_id
reference_type
scores
0
value 0.01127
scoring_system epss
scoring_elements 0.78295
published_at 2026-04-13T12:55:00Z
1
value 0.01127
scoring_system epss
scoring_elements 0.78291
published_at 2026-04-09T12:55:00Z
2
value 0.01127
scoring_system epss
scoring_elements 0.78285
published_at 2026-04-08T12:55:00Z
3
value 0.01127
scoring_system epss
scoring_elements 0.78259
published_at 2026-04-07T12:55:00Z
4
value 0.01127
scoring_system epss
scoring_elements 0.78277
published_at 2026-04-04T12:55:00Z
5
value 0.01127
scoring_system epss
scoring_elements 0.78246
published_at 2026-04-02T12:55:00Z
6
value 0.01127
scoring_system epss
scoring_elements 0.78238
published_at 2026-04-01T12:55:00Z
7
value 0.01127
scoring_system epss
scoring_elements 0.78317
published_at 2026-04-11T12:55:00Z
8
value 0.01127
scoring_system epss
scoring_elements 0.783
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11068
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml
10
reference_url https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826
11
reference_url https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9
12
reference_url https://github.com/sparklemotion/nokogiri/issues/1892
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1892
13
reference_url https://github.com/sparklemotion/nokogiri/pull/1898
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/pull/1898
14
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
15
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/
25
reference_url https://security.netapp.com/advisory/ntap-20191017-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191017-0001
26
reference_url https://security.netapp.com/advisory/ntap-20191017-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191017-0001/
27
reference_url https://usn.ubuntu.com/3947-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3947-1
28
reference_url https://usn.ubuntu.com/3947-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3947-1/
29
reference_url https://usn.ubuntu.com/3947-2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3947-2
30
reference_url https://usn.ubuntu.com/3947-2/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3947-2/
31
reference_url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
32
reference_url http://www.openwall.com/lists/oss-security/2019/04/22/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/04/22/1
33
reference_url http://www.openwall.com/lists/oss-security/2019/04/23/5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/04/23/5
34
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1709697
reference_id 1709697
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1709697
35
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895
reference_id 926895
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
reference_id cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
reference_id cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
reference_id cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
reference_id cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:8.0:update_221:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
67
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11068
reference_id CVE-2019-11068
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11068
68
reference_url https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068
reference_id CVE-2019-11068
reference_type
scores
url https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068
69
reference_url https://security-tracker.debian.org/tracker/CVE-2019-11068
reference_id CVE-2019-11068
reference_type
scores
url https://security-tracker.debian.org/tracker/CVE-2019-11068
70
reference_url https://github.com/advisories/GHSA-qxcg-xjjg-66mj
reference_id GHSA-qxcg-xjjg-66mj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qxcg-xjjg-66mj
71
reference_url https://access.redhat.com/errata/RHSA-2020:4005
reference_id RHSA-2020:4005
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4005
72
reference_url https://access.redhat.com/errata/RHSA-2020:4464
reference_id RHSA-2020:4464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4464
fixed_packages
0
url pkg:gem/nokogiri@1.10.3
purl pkg:gem/nokogiri@1.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-64c1-dzhs-u3gj
3
vulnerability VCID-6r5w-pgkx-v3cb
4
vulnerability VCID-7bpp-2hvk-2udv
5
vulnerability VCID-8geh-vfns-pfgs
6
vulnerability VCID-96v6-vs1m-skf3
7
vulnerability VCID-9hqf-12yh-bkc8
8
vulnerability VCID-9wgc-swf9-z7hq
9
vulnerability VCID-c6hb-sbhx-zqac
10
vulnerability VCID-cbm2-cez4-bqgh
11
vulnerability VCID-eb6k-ppfd-m7a3
12
vulnerability VCID-ek5d-m9pn-3fec
13
vulnerability VCID-ghbk-uumc-dug3
14
vulnerability VCID-gsar-pymk-43hs
15
vulnerability VCID-hzjv-gf8n-jka2
16
vulnerability VCID-jfh3-1sgm-7ug2
17
vulnerability VCID-jqdg-ebz9-t3e9
18
vulnerability VCID-m7km-hbm9-23h4
19
vulnerability VCID-n6za-rwad-tbaq
20
vulnerability VCID-nq12-ryyt-c7g9
21
vulnerability VCID-q732-nexj-1ue6
22
vulnerability VCID-qv3r-ppuc-zycz
23
vulnerability VCID-rsvx-3f49-v3an
24
vulnerability VCID-snr1-kaug-43aa
25
vulnerability VCID-sxp3-vtcq-pugw
26
vulnerability VCID-txm2-sdc1-7uch
27
vulnerability VCID-u8gx-xbj9-97c7
28
vulnerability VCID-udew-3gre-13hy
29
vulnerability VCID-uf9q-1ds5-wbev
30
vulnerability VCID-vf7b-s3y3-sfhw
31
vulnerability VCID-vhyk-9tbb-quc3
32
vulnerability VCID-w8jf-tsmr-g7cd
33
vulnerability VCID-xd6j-x83x-r3gn
34
vulnerability VCID-y5vb-sn4p-eqd9
35
vulnerability VCID-yeku-1zjh-kbea
36
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.3
1
url pkg:gem/nokogiri@1.10.4
purl pkg:gem/nokogiri@1.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-7bpp-2hvk-2udv
4
vulnerability VCID-8geh-vfns-pfgs
5
vulnerability VCID-9hqf-12yh-bkc8
6
vulnerability VCID-9wgc-swf9-z7hq
7
vulnerability VCID-c6hb-sbhx-zqac
8
vulnerability VCID-cbm2-cez4-bqgh
9
vulnerability VCID-eb6k-ppfd-m7a3
10
vulnerability VCID-ek5d-m9pn-3fec
11
vulnerability VCID-ghbk-uumc-dug3
12
vulnerability VCID-gsar-pymk-43hs
13
vulnerability VCID-hzjv-gf8n-jka2
14
vulnerability VCID-jfh3-1sgm-7ug2
15
vulnerability VCID-jqdg-ebz9-t3e9
16
vulnerability VCID-m7km-hbm9-23h4
17
vulnerability VCID-n6za-rwad-tbaq
18
vulnerability VCID-nq12-ryyt-c7g9
19
vulnerability VCID-q732-nexj-1ue6
20
vulnerability VCID-qv3r-ppuc-zycz
21
vulnerability VCID-rsvx-3f49-v3an
22
vulnerability VCID-snr1-kaug-43aa
23
vulnerability VCID-sxp3-vtcq-pugw
24
vulnerability VCID-txm2-sdc1-7uch
25
vulnerability VCID-u8gx-xbj9-97c7
26
vulnerability VCID-udew-3gre-13hy
27
vulnerability VCID-uf9q-1ds5-wbev
28
vulnerability VCID-vf7b-s3y3-sfhw
29
vulnerability VCID-vhyk-9tbb-quc3
30
vulnerability VCID-w8jf-tsmr-g7cd
31
vulnerability VCID-xd6j-x83x-r3gn
32
vulnerability VCID-y5vb-sn4p-eqd9
33
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4
aliases CVE-2019-11068, GHSA-qxcg-xjjg-66mj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tdt5-asvh-ryaa
33
url VCID-tn87-vke6-kuf6
vulnerability_id VCID-tn87-vke6-kuf6
summary
Use After Free
Use after free in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:3401
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3401
1
reference_url https://access.redhat.com/errata/RHSA-2018:0287
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0287
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15412
reference_id
reference_type
scores
0
value 0.01891
scoring_system epss
scoring_elements 0.83181
published_at 2026-04-09T12:55:00Z
1
value 0.01891
scoring_system epss
scoring_elements 0.83187
published_at 2026-04-13T12:55:00Z
2
value 0.01891
scoring_system epss
scoring_elements 0.83149
published_at 2026-04-07T12:55:00Z
3
value 0.01891
scoring_system epss
scoring_elements 0.83174
published_at 2026-04-08T12:55:00Z
4
value 0.01891
scoring_system epss
scoring_elements 0.83191
published_at 2026-04-12T12:55:00Z
5
value 0.01891
scoring_system epss
scoring_elements 0.83197
published_at 2026-04-11T12:55:00Z
6
value 0.01943
scoring_system epss
scoring_elements 0.8337
published_at 2026-04-01T12:55:00Z
7
value 0.01943
scoring_system epss
scoring_elements 0.83383
published_at 2026-04-02T12:55:00Z
8
value 0.01943
scoring_system epss
scoring_elements 0.83398
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15412
4
reference_url https://bugzilla.gnome.org/show_bug.cgi?id=783160
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.gnome.org/show_bug.cgi?id=783160
5
reference_url https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
6
reference_url https://crbug.com/727039
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://crbug.com/727039
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml
10
reference_url https://github.com/sparklemotion/nokogiri/issues/1714
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1714
11
reference_url https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
12
reference_url https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348
13
reference_url https://www.debian.org/security/2018/dsa-4086
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4086
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1523128
reference_id 1523128
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1523128
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790
reference_id 883790
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790
16
reference_url https://security.archlinux.org/ASA-201712-5
reference_id ASA-201712-5
reference_type
scores
url https://security.archlinux.org/ASA-201712-5
17
reference_url https://security.archlinux.org/AVG-544
reference_id AVG-544
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-544
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15412
reference_id CVE-2017-15412
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15412
19
reference_url https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html
reference_id CVE-2017-15412.HTML
reference_type
scores
url https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html
20
reference_url https://github.com/advisories/GHSA-r58r-74gx-6wx3
reference_id GHSA-r58r-74gx-6wx3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r58r-74gx-6wx3
21
reference_url https://security.gentoo.org/glsa/201801-03
reference_id GLSA-201801-03
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201801-03
22
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
23
reference_url https://usn.ubuntu.com/3513-1/
reference_id USN-3513-1
reference_type
scores
url https://usn.ubuntu.com/3513-1/
24
reference_url https://usn.ubuntu.com/3513-2/
reference_id USN-3513-2
reference_type
scores
url https://usn.ubuntu.com/3513-2/
fixed_packages
0
url pkg:gem/nokogiri@1.8.2
purl pkg:gem/nokogiri@1.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-64c1-dzhs-u3gj
3
vulnerability VCID-6r5w-pgkx-v3cb
4
vulnerability VCID-7bpp-2hvk-2udv
5
vulnerability VCID-8geh-vfns-pfgs
6
vulnerability VCID-96v6-vs1m-skf3
7
vulnerability VCID-9hqf-12yh-bkc8
8
vulnerability VCID-9wgc-swf9-z7hq
9
vulnerability VCID-bejh-22y7-kuh6
10
vulnerability VCID-c6hb-sbhx-zqac
11
vulnerability VCID-cbm2-cez4-bqgh
12
vulnerability VCID-eb6k-ppfd-m7a3
13
vulnerability VCID-ek5d-m9pn-3fec
14
vulnerability VCID-ghbk-uumc-dug3
15
vulnerability VCID-gsar-pymk-43hs
16
vulnerability VCID-hzjv-gf8n-jka2
17
vulnerability VCID-jfh3-1sgm-7ug2
18
vulnerability VCID-jqdg-ebz9-t3e9
19
vulnerability VCID-m7km-hbm9-23h4
20
vulnerability VCID-n6za-rwad-tbaq
21
vulnerability VCID-nq12-ryyt-c7g9
22
vulnerability VCID-q732-nexj-1ue6
23
vulnerability VCID-qv3r-ppuc-zycz
24
vulnerability VCID-rsvx-3f49-v3an
25
vulnerability VCID-snr1-kaug-43aa
26
vulnerability VCID-sqa5-8yrd-qyfz
27
vulnerability VCID-sxp3-vtcq-pugw
28
vulnerability VCID-tdt5-asvh-ryaa
29
vulnerability VCID-txm2-sdc1-7uch
30
vulnerability VCID-u8gx-xbj9-97c7
31
vulnerability VCID-udew-3gre-13hy
32
vulnerability VCID-uf9q-1ds5-wbev
33
vulnerability VCID-vf7b-s3y3-sfhw
34
vulnerability VCID-vhyk-9tbb-quc3
35
vulnerability VCID-w8jf-tsmr-g7cd
36
vulnerability VCID-xd6j-x83x-r3gn
37
vulnerability VCID-y5vb-sn4p-eqd9
38
vulnerability VCID-yeku-1zjh-kbea
39
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.2
aliases CVE-2017-15412, GHSA-r58r-74gx-6wx3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn87-vke6-kuf6
34
url VCID-txm2-sdc1-7uch
vulnerability_id VCID-txm2-sdc1-7uch
summary
Improper Input Validation
In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13117
reference_id
reference_type
scores
0
value 0.04457
scoring_system epss
scoring_elements 0.89074
published_at 2026-04-12T12:55:00Z
1
value 0.04457
scoring_system epss
scoring_elements 0.89078
published_at 2026-04-11T12:55:00Z
2
value 0.04457
scoring_system epss
scoring_elements 0.89066
published_at 2026-04-09T12:55:00Z
3
value 0.04457
scoring_system epss
scoring_elements 0.89062
published_at 2026-04-08T12:55:00Z
4
value 0.04457
scoring_system epss
scoring_elements 0.89044
published_at 2026-04-07T12:55:00Z
5
value 0.04457
scoring_system epss
scoring_elements 0.89043
published_at 2026-04-04T12:55:00Z
6
value 0.04457
scoring_system epss
scoring_elements 0.89019
published_at 2026-04-01T12:55:00Z
7
value 0.04457
scoring_system epss
scoring_elements 0.89072
published_at 2026-04-13T12:55:00Z
8
value 0.04457
scoring_system epss
scoring_elements 0.89027
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13117
3
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml
7
reference_url https://github.com/sparklemotion/nokogiri/issues/1943
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1943
8
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
9
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
11
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
14
reference_url https://oss-fuzz.com/testcase-detail/5631739747106816
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://oss-fuzz.com/testcase-detail/5631739747106816
15
reference_url https://security.netapp.com/advisory/ntap-20190806-0004
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190806-0004
16
reference_url https://security.netapp.com/advisory/ntap-20190806-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190806-0004/
17
reference_url https://security.netapp.com/advisory/ntap-20200122-0003
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200122-0003
18
reference_url https://security.netapp.com/advisory/ntap-20200122-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200122-0003/
19
reference_url https://usn.ubuntu.com/4164-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4164-1
20
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2020.html
21
reference_url http://www.openwall.com/lists/oss-security/2019/11/17/2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/11/17/2
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728546
reference_id 1728546
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728546
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321
reference_id 931321
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13117
reference_id CVE-2019-13117
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13117
25
reference_url https://github.com/advisories/GHSA-4hm9-844j-jmxp
reference_id GHSA-4hm9-844j-jmxp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4hm9-844j-jmxp
26
reference_url https://usn.ubuntu.com/4164-1/
reference_id USN-4164-1
reference_type
scores
url https://usn.ubuntu.com/4164-1/
fixed_packages
0
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-7bpp-2hvk-2udv
4
vulnerability VCID-8geh-vfns-pfgs
5
vulnerability VCID-9hqf-12yh-bkc8
6
vulnerability VCID-9wgc-swf9-z7hq
7
vulnerability VCID-c6hb-sbhx-zqac
8
vulnerability VCID-cbm2-cez4-bqgh
9
vulnerability VCID-eb6k-ppfd-m7a3
10
vulnerability VCID-ek5d-m9pn-3fec
11
vulnerability VCID-ghbk-uumc-dug3
12
vulnerability VCID-gsar-pymk-43hs
13
vulnerability VCID-hzjv-gf8n-jka2
14
vulnerability VCID-jfh3-1sgm-7ug2
15
vulnerability VCID-jqdg-ebz9-t3e9
16
vulnerability VCID-m7km-hbm9-23h4
17
vulnerability VCID-n6za-rwad-tbaq
18
vulnerability VCID-nq12-ryyt-c7g9
19
vulnerability VCID-q732-nexj-1ue6
20
vulnerability VCID-qv3r-ppuc-zycz
21
vulnerability VCID-rsvx-3f49-v3an
22
vulnerability VCID-snr1-kaug-43aa
23
vulnerability VCID-u8gx-xbj9-97c7
24
vulnerability VCID-udew-3gre-13hy
25
vulnerability VCID-uf9q-1ds5-wbev
26
vulnerability VCID-vf7b-s3y3-sfhw
27
vulnerability VCID-vhyk-9tbb-quc3
28
vulnerability VCID-w8jf-tsmr-g7cd
29
vulnerability VCID-xd6j-x83x-r3gn
30
vulnerability VCID-y5vb-sn4p-eqd9
31
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-13117, GHSA-4hm9-844j-jmxp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-txm2-sdc1-7uch
35
url VCID-u8gx-xbj9-97c7
vulnerability_id VCID-u8gx-xbj9-97c7
summary
Denial of Service (DoS) in Nokogiri on JRuby
## Summary

Nokogiri `v1.13.4` updates the vendored `org.cyberneko.html` library to `1.9.22.noko2`, which addresses [CVE-2022-24839](https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv). That CVE is rated 7.5 (High Severity).

See [GHSA-9849-p7jc-9rmv](https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv) for more information.

Please note that this advisory only applies to the **JRuby** implementation of Nokogiri `< 1.13.4`.


## Mitigation

Upgrade to Nokogiri `>= 1.13.4`.


## Impact

### [CVE-2022-24839](https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv) in nekohtml

- **Severity**: High 7.5
- **Type**: [CWE-400](https://cwe.mitre.org/data/definitions/400.html) Uncontrolled Resource Consumption
- **Description**: The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup.
- **See also**: [GHSA-9849-p7jc-9rmv](https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv)
references
0
reference_url https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d
1
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
2
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
3
reference_url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
reference_id
reference_type
scores
url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
4
reference_url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24839
reference_id CVE-2022-24839
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24839
6
reference_url https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
reference_id GHSA-9849-p7jc-9rmv
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
7
reference_url https://github.com/advisories/GHSA-gx8x-g87m-h5q6
reference_id GHSA-gx8x-g87m-h5q6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gx8x-g87m-h5q6
8
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-gx8x-g87m-h5q6
reference_id GHSA-gx8x-g87m-h5q6
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-gx8x-g87m-h5q6
fixed_packages
0
url pkg:gem/nokogiri@1.13.4
purl pkg:gem/nokogiri@1.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-c6hb-sbhx-zqac
4
vulnerability VCID-eb6k-ppfd-m7a3
5
vulnerability VCID-ghbk-uumc-dug3
6
vulnerability VCID-hzjv-gf8n-jka2
7
vulnerability VCID-jfh3-1sgm-7ug2
8
vulnerability VCID-m7km-hbm9-23h4
9
vulnerability VCID-q732-nexj-1ue6
10
vulnerability VCID-snr1-kaug-43aa
11
vulnerability VCID-udew-3gre-13hy
12
vulnerability VCID-uf9q-1ds5-wbev
13
vulnerability VCID-w8jf-tsmr-g7cd
14
vulnerability VCID-y5vb-sn4p-eqd9
15
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4
aliases GHSA-gx8x-g87m-h5q6, GMS-2022-786
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u8gx-xbj9-97c7
36
url VCID-udew-3gre-13hy
vulnerability_id VCID-udew-3gre-13hy
summary Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40303
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39746
published_at 2026-04-02T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39712
published_at 2026-04-13T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39768
published_at 2026-04-04T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39687
published_at 2026-04-07T12:55:00Z
4
value 0.00181
scoring_system epss
scoring_elements 0.39741
published_at 2026-04-08T12:55:00Z
5
value 0.00181
scoring_system epss
scoring_elements 0.39755
published_at 2026-04-09T12:55:00Z
6
value 0.00181
scoring_system epss
scoring_elements 0.39765
published_at 2026-04-11T12:55:00Z
7
value 0.00181
scoring_system epss
scoring_elements 0.39729
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40303
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
7
reference_url https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
reference_id
reference_type
scores
url https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224
reference_id 1022224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224
9
reference_url http://seclists.org/fulldisclosure/2022/Dec/21
reference_id 21
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url http://seclists.org/fulldisclosure/2022/Dec/21
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2136266
reference_id 2136266
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2136266
11
reference_url http://seclists.org/fulldisclosure/2022/Dec/24
reference_id 24
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url http://seclists.org/fulldisclosure/2022/Dec/24
12
reference_url http://seclists.org/fulldisclosure/2022/Dec/25
reference_id 25
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url http://seclists.org/fulldisclosure/2022/Dec/25
13
reference_url http://seclists.org/fulldisclosure/2022/Dec/26
reference_id 26
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url http://seclists.org/fulldisclosure/2022/Dec/26
14
reference_url http://seclists.org/fulldisclosure/2022/Dec/27
reference_id 27
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url http://seclists.org/fulldisclosure/2022/Dec/27
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40303
reference_id CVE-2022-40303
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-40303
16
reference_url https://security.gentoo.org/glsa/202210-39
reference_id GLSA-202210-39
reference_type
scores
url https://security.gentoo.org/glsa/202210-39
17
reference_url https://support.apple.com/kb/HT213531
reference_id HT213531
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://support.apple.com/kb/HT213531
18
reference_url https://support.apple.com/kb/HT213533
reference_id HT213533
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://support.apple.com/kb/HT213533
19
reference_url https://support.apple.com/kb/HT213534
reference_id HT213534
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://support.apple.com/kb/HT213534
20
reference_url https://support.apple.com/kb/HT213535
reference_id HT213535
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://support.apple.com/kb/HT213535
21
reference_url https://support.apple.com/kb/HT213536
reference_id HT213536
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://support.apple.com/kb/HT213536
22
reference_url https://security.netapp.com/advisory/ntap-20221209-0003/
reference_id ntap-20221209-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://security.netapp.com/advisory/ntap-20221209-0003/
23
reference_url https://access.redhat.com/errata/RHSA-2022:8841
reference_id RHSA-2022:8841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8841
24
reference_url https://access.redhat.com/errata/RHSA-2023:0173
reference_id RHSA-2023:0173
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0173
25
reference_url https://access.redhat.com/errata/RHSA-2023:0338
reference_id RHSA-2023:0338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0338
26
reference_url https://access.redhat.com/errata/RHSA-2024:0413
reference_id RHSA-2024:0413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0413
27
reference_url https://usn.ubuntu.com/5760-1/
reference_id USN-5760-1
reference_type
scores
url https://usn.ubuntu.com/5760-1/
28
reference_url https://usn.ubuntu.com/5760-2/
reference_id USN-5760-2
reference_type
scores
url https://usn.ubuntu.com/5760-2/
29
reference_url https://usn.ubuntu.com/7659-1/
reference_id USN-7659-1
reference_type
scores
url https://usn.ubuntu.com/7659-1/
fixed_packages
0
url pkg:gem/nokogiri@1.13.9
purl pkg:gem/nokogiri@1.13.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-6r5w-pgkx-v3cb
2
vulnerability VCID-c6hb-sbhx-zqac
3
vulnerability VCID-eru7-uy2t-d3ef
4
vulnerability VCID-ghbk-uumc-dug3
5
vulnerability VCID-hzjv-gf8n-jka2
6
vulnerability VCID-jfh3-1sgm-7ug2
7
vulnerability VCID-q732-nexj-1ue6
8
vulnerability VCID-uf9q-1ds5-wbev
9
vulnerability VCID-w8jf-tsmr-g7cd
10
vulnerability VCID-y5vb-sn4p-eqd9
11
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.9
aliases CVE-2022-40303
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-udew-3gre-13hy
37
url VCID-uf9q-1ds5-wbev
vulnerability_id VCID-uf9q-1ds5-wbev
summary
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs
## Summary

Nokogiri v1.18.4 upgrades its dependency libxslt to [v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43).

libxslt v1.1.43 resolves:

- CVE-2025-24855: Fix use-after-free of XPath context node
- CVE-2024-55549: Fix UAF related to excluded namespaces

## Impact

### CVE-2025-24855

- "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node"
- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855

### CVE-2024-55549

- "Use-after-free related to excluded result prefixes"
- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements
1
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664
2
reference_url https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxslt/-/issues/127
3
reference_url https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxslt/-/issues/128
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55549
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55549
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24855
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24855
6
reference_url https://github.com/advisories/GHSA-mrxw-mxhj-p664
reference_id GHSA-mrxw-mxhj-p664
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrxw-mxhj-p664
fixed_packages
0
url pkg:gem/nokogiri@1.18.4
purl pkg:gem/nokogiri@1.18.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r5w-pgkx-v3cb
1
vulnerability VCID-jfh3-1sgm-7ug2
2
vulnerability VCID-w8jf-tsmr-g7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.4
aliases GHSA-mrxw-mxhj-p664
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uf9q-1ds5-wbev
38
url VCID-vf7b-s3y3-sfhw
vulnerability_id VCID-vf7b-s3y3-sfhw
summary
Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3537
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29532
published_at 2026-04-13T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29584
published_at 2026-04-12T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.34266
published_at 2026-04-02T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.34299
published_at 2026-04-04T12:55:00Z
4
value 0.0014
scoring_system epss
scoring_elements 0.33927
published_at 2026-04-01T12:55:00Z
5
value 0.00155
scoring_system epss
scoring_elements 0.3626
published_at 2026-04-07T12:55:00Z
6
value 0.00155
scoring_system epss
scoring_elements 0.36337
published_at 2026-04-11T12:55:00Z
7
value 0.00155
scoring_system epss
scoring_elements 0.36331
published_at 2026-04-09T12:55:00Z
8
value 0.00155
scoring_system epss
scoring_elements 0.36309
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3537
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1956522
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1956522
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722
8
reference_url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
13
reference_url https://nokogiri.org/CHANGELOG.html#1114-2021-05-14
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nokogiri.org/CHANGELOG.html#1114-2021-05-14
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3537
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3537
15
reference_url https://security.netapp.com/advisory/ntap-20210625-0002
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210625-0002
16
reference_url https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210625-0002/
17
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
18
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
19
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123
reference_id 988123
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123
21
reference_url https://security.archlinux.org/AVG-1883
reference_id AVG-1883
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1883
22
reference_url https://github.com/advisories/GHSA-286v-pcf5-25rc
reference_id GHSA-286v-pcf5-25rc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-286v-pcf5-25rc
23
reference_url https://security.gentoo.org/glsa/202107-05
reference_id GLSA-202107-05
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-05
24
reference_url https://access.redhat.com/errata/RHSA-2021:2569
reference_id RHSA-2021:2569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2569
25
reference_url https://access.redhat.com/errata/RHSA-2022:1389
reference_id RHSA-2022:1389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1389
26
reference_url https://access.redhat.com/errata/RHSA-2022:1390
reference_id RHSA-2022:1390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1390
27
reference_url https://usn.ubuntu.com/4991-1/
reference_id USN-4991-1
reference_type
scores
url https://usn.ubuntu.com/4991-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.4
purl pkg:gem/nokogiri@1.11.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-8geh-vfns-pfgs
4
vulnerability VCID-9wgc-swf9-z7hq
5
vulnerability VCID-c6hb-sbhx-zqac
6
vulnerability VCID-cbm2-cez4-bqgh
7
vulnerability VCID-eb6k-ppfd-m7a3
8
vulnerability VCID-ghbk-uumc-dug3
9
vulnerability VCID-gsar-pymk-43hs
10
vulnerability VCID-hzjv-gf8n-jka2
11
vulnerability VCID-jfh3-1sgm-7ug2
12
vulnerability VCID-jqdg-ebz9-t3e9
13
vulnerability VCID-m7km-hbm9-23h4
14
vulnerability VCID-nq12-ryyt-c7g9
15
vulnerability VCID-q732-nexj-1ue6
16
vulnerability VCID-snr1-kaug-43aa
17
vulnerability VCID-u8gx-xbj9-97c7
18
vulnerability VCID-udew-3gre-13hy
19
vulnerability VCID-uf9q-1ds5-wbev
20
vulnerability VCID-w8jf-tsmr-g7cd
21
vulnerability VCID-xd6j-x83x-r3gn
22
vulnerability VCID-y5vb-sn4p-eqd9
23
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4
aliases CVE-2021-3537, GHSA-286v-pcf5-25rc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vf7b-s3y3-sfhw
39
url VCID-vhyk-9tbb-quc3
vulnerability_id VCID-vhyk-9tbb-quc3
summary
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability
### Severity

Nokogiri maintainers have evaluated this as [__Low Severity__ (CVSS3 2.6)](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N).


### Description

In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by `Nokogiri::XML::Schema` are **trusted** by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks.

This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as **untrusted** by default whenever possible.

Please note that this security fix was pushed into a new minor version, 1.11.x, rather than a patch release to the 1.10.x branch, because it is a breaking change for some schemas and the risk was assessed to be "Low Severity".


### Affected Versions

Nokogiri `<= 1.10.10` as well as prereleases `1.11.0.rc1`, `1.11.0.rc2`, and `1.11.0.rc3`


### Mitigation

There are no known workarounds for affected versions. Upgrade to Nokogiri `1.11.0.rc4` or later.

If, after upgrading to `1.11.0.rc4` or later, you wish to re-enable network access for resolution of external resources (i.e., return to the previous behavior):

1. Ensure the input is trusted. Do not enable this option for untrusted input.
2. When invoking the `Nokogiri::XML::Schema` constructor, pass as the second parameter an instance of `Nokogiri::XML::ParseOptions` with the `NONET` flag turned off.

So if your previous code was:

``` ruby
# in v1.11.0.rc3 and earlier, this call allows resources to be accessed over the network
# but in v1.11.0.rc4 and later, this call will disallow network access for external resources
schema = Nokogiri::XML::Schema.new(schema)

# in v1.11.0.rc4 and later, the following is equivalent to the code above
# (the second parameter is optional, and this demonstrates its default value)
schema = Nokogiri::XML::Schema.new(schema, Nokogiri::XML::ParseOptions::DEFAULT_SCHEMA)
```

Then you can add the second parameter to indicate that the input is trusted by changing it to:

``` ruby
# in v1.11.0.rc3 and earlier, this would raise an ArgumentError
# but in v1.11.0.rc4 and later, this allows resources to be accessed over the network
schema = Nokogiri::XML::Schema.new(trusted_schema, Nokogiri::XML::ParseOptions.new.nononet)
```


### References

- [This issue's public advisory](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m)
- [Original Hackerone report (private)](https://hackerone.com/reports/747489)
- [OWASP description of XXE attack](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing)
- [OWASP description of SSRF attack](https://www.owasp.org/index.php/Server_Side_Request_Forgery)


### Credit

This vulnerability was independently reported by @eric-therond and @gucki.

The Nokogiri maintainers would like to thank [HackerOne](https://hackerone.com/nokogiri) for providing a secure, responsible mechanism for reporting, and for providing their fantastic service to us.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26247
reference_id
reference_type
scores
0
value 0.00717
scoring_system epss
scoring_elements 0.72425
published_at 2026-04-13T12:55:00Z
1
value 0.00717
scoring_system epss
scoring_elements 0.72434
published_at 2026-04-12T12:55:00Z
2
value 0.00717
scoring_system epss
scoring_elements 0.72451
published_at 2026-04-11T12:55:00Z
3
value 0.00717
scoring_system epss
scoring_elements 0.72428
published_at 2026-04-09T12:55:00Z
4
value 0.00717
scoring_system epss
scoring_elements 0.72416
published_at 2026-04-08T12:55:00Z
5
value 0.00717
scoring_system epss
scoring_elements 0.72377
published_at 2026-04-07T12:55:00Z
6
value 0.00717
scoring_system epss
scoring_elements 0.72399
published_at 2026-04-04T12:55:00Z
7
value 0.00717
scoring_system epss
scoring_elements 0.72381
published_at 2026-04-02T12:55:00Z
8
value 0.00717
scoring_system epss
scoring_elements 0.72376
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26247
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26247
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml
5
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
6
reference_url https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03
7
reference_url https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b
8
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4
9
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
10
reference_url https://hackerone.com/reports/747489
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/747489
11
reference_url https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html
12
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26247
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26247
14
reference_url https://rubygems.org/gems/nokogiri
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/nokogiri
15
reference_url https://security.gentoo.org/glsa/202208-29
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-29
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1912487
reference_id 1912487
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1912487
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967
reference_id 978967
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967
18
reference_url https://github.com/advisories/GHSA-vr8q-g5c7-m54m
reference_id GHSA-vr8q-g5c7-m54m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vr8q-g5c7-m54m
19
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
20
reference_url https://access.redhat.com/errata/RHSA-2021:5191
reference_id RHSA-2021:5191
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5191
21
reference_url https://usn.ubuntu.com/7659-1/
reference_id USN-7659-1
reference_type
scores
url https://usn.ubuntu.com/7659-1/
fixed_packages
0
url pkg:gem/nokogiri@1.11.0
purl pkg:gem/nokogiri@1.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-8geh-vfns-pfgs
4
vulnerability VCID-9hqf-12yh-bkc8
5
vulnerability VCID-9wgc-swf9-z7hq
6
vulnerability VCID-c6hb-sbhx-zqac
7
vulnerability VCID-cbm2-cez4-bqgh
8
vulnerability VCID-eb6k-ppfd-m7a3
9
vulnerability VCID-ek5d-m9pn-3fec
10
vulnerability VCID-ghbk-uumc-dug3
11
vulnerability VCID-gsar-pymk-43hs
12
vulnerability VCID-hzjv-gf8n-jka2
13
vulnerability VCID-jfh3-1sgm-7ug2
14
vulnerability VCID-jqdg-ebz9-t3e9
15
vulnerability VCID-m7km-hbm9-23h4
16
vulnerability VCID-n6za-rwad-tbaq
17
vulnerability VCID-nq12-ryyt-c7g9
18
vulnerability VCID-q732-nexj-1ue6
19
vulnerability VCID-rsvx-3f49-v3an
20
vulnerability VCID-snr1-kaug-43aa
21
vulnerability VCID-u8gx-xbj9-97c7
22
vulnerability VCID-udew-3gre-13hy
23
vulnerability VCID-uf9q-1ds5-wbev
24
vulnerability VCID-vf7b-s3y3-sfhw
25
vulnerability VCID-w8jf-tsmr-g7cd
26
vulnerability VCID-xd6j-x83x-r3gn
27
vulnerability VCID-y5vb-sn4p-eqd9
28
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.0
aliases CVE-2020-26247, GHSA-vr8q-g5c7-m54m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhyk-9tbb-quc3
40
url VCID-w8jf-tsmr-g7cd
vulnerability_id VCID-w8jf-tsmr-g7cd
summary
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
## Summary

Nokogiri v1.18.8 upgrades its dependency libxml2 to [v2.13.8](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8).

libxml2 v2.13.8 addresses:

- CVE-2025-32414
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
- CVE-2025-32415
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890

## Impact

### CVE-2025-32414: No impact

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

**There is no impact** from this CVE for Nokogiri users.

### CVE-2025-32415: Low impact

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

In the upstream issue, further context is provided by the maintainer:

> The bug affects validation against untrusted XML Schemas (.xsd) and validation of untrusted
> documents against trusted Schemas if they make use of xsd:keyref in combination with recursively
> defined types that have additional identity constraints.

MITRE has published a severity score of 2.9 LOW (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) for this CVE.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc
2
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8
5
reference_url https://github.com/advisories/GHSA-5w6v-399v-w3cc
reference_id GHSA-5w6v-399v-w3cc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5w6v-399v-w3cc
fixed_packages
0
url pkg:gem/nokogiri@1.18.8
purl pkg:gem/nokogiri@1.18.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r5w-pgkx-v3cb
1
vulnerability VCID-jfh3-1sgm-7ug2
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.8
aliases GHSA-5w6v-399v-w3cc
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8jf-tsmr-g7cd
41
url VCID-wc4g-sxyq-ubcd
vulnerability_id VCID-wc4g-sxyq-ubcd
summary
Allocation of Resources Without Limits or Throttling
The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18258
reference_id
reference_type
scores
0
value 0.0079
scoring_system epss
scoring_elements 0.73872
published_at 2026-04-13T12:55:00Z
1
value 0.0079
scoring_system epss
scoring_elements 0.7388
published_at 2026-04-12T12:55:00Z
2
value 0.0079
scoring_system epss
scoring_elements 0.73824
published_at 2026-04-01T12:55:00Z
3
value 0.0079
scoring_system epss
scoring_elements 0.73876
published_at 2026-04-09T12:55:00Z
4
value 0.0079
scoring_system epss
scoring_elements 0.73898
published_at 2026-04-11T12:55:00Z
5
value 0.0079
scoring_system epss
scoring_elements 0.73833
published_at 2026-04-02T12:55:00Z
6
value 0.0079
scoring_system epss
scoring_elements 0.73858
published_at 2026-04-04T12:55:00Z
7
value 0.0079
scoring_system epss
scoring_elements 0.73829
published_at 2026-04-07T12:55:00Z
8
value 0.0079
scoring_system epss
scoring_elements 0.73863
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18258
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml
6
reference_url https://kc.mcafee.com/corporate/index?page=content&id=SB10284
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://kc.mcafee.com/corporate/index?page=content&id=SB10284
7
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
8
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20190719-0001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190719-0001
10
reference_url https://security.netapp.com/advisory/ntap-20190719-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190719-0001/
11
reference_url https://usn.ubuntu.com/3739-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-1
12
reference_url https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3739-1/
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566749
reference_id 1566749
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566749
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245
reference_id 895245
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245
15
reference_url https://security.archlinux.org/AVG-671
reference_id AVG-671
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-671
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18258
reference_id CVE-2017-18258
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18258
17
reference_url https://github.com/advisories/GHSA-882p-jqgm-f45g
reference_id GHSA-882p-jqgm-f45g
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-882p-jqgm-f45g
18
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
fixed_packages
0
url pkg:gem/nokogiri@1.8.2
purl pkg:gem/nokogiri@1.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-64c1-dzhs-u3gj
3
vulnerability VCID-6r5w-pgkx-v3cb
4
vulnerability VCID-7bpp-2hvk-2udv
5
vulnerability VCID-8geh-vfns-pfgs
6
vulnerability VCID-96v6-vs1m-skf3
7
vulnerability VCID-9hqf-12yh-bkc8
8
vulnerability VCID-9wgc-swf9-z7hq
9
vulnerability VCID-bejh-22y7-kuh6
10
vulnerability VCID-c6hb-sbhx-zqac
11
vulnerability VCID-cbm2-cez4-bqgh
12
vulnerability VCID-eb6k-ppfd-m7a3
13
vulnerability VCID-ek5d-m9pn-3fec
14
vulnerability VCID-ghbk-uumc-dug3
15
vulnerability VCID-gsar-pymk-43hs
16
vulnerability VCID-hzjv-gf8n-jka2
17
vulnerability VCID-jfh3-1sgm-7ug2
18
vulnerability VCID-jqdg-ebz9-t3e9
19
vulnerability VCID-m7km-hbm9-23h4
20
vulnerability VCID-n6za-rwad-tbaq
21
vulnerability VCID-nq12-ryyt-c7g9
22
vulnerability VCID-q732-nexj-1ue6
23
vulnerability VCID-qv3r-ppuc-zycz
24
vulnerability VCID-rsvx-3f49-v3an
25
vulnerability VCID-snr1-kaug-43aa
26
vulnerability VCID-sqa5-8yrd-qyfz
27
vulnerability VCID-sxp3-vtcq-pugw
28
vulnerability VCID-tdt5-asvh-ryaa
29
vulnerability VCID-txm2-sdc1-7uch
30
vulnerability VCID-u8gx-xbj9-97c7
31
vulnerability VCID-udew-3gre-13hy
32
vulnerability VCID-uf9q-1ds5-wbev
33
vulnerability VCID-vf7b-s3y3-sfhw
34
vulnerability VCID-vhyk-9tbb-quc3
35
vulnerability VCID-w8jf-tsmr-g7cd
36
vulnerability VCID-xd6j-x83x-r3gn
37
vulnerability VCID-y5vb-sn4p-eqd9
38
vulnerability VCID-yeku-1zjh-kbea
39
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.2
aliases CVE-2017-18258, GHSA-882p-jqgm-f45g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4g-sxyq-ubcd
42
url VCID-xd6j-x83x-r3gn
vulnerability_id VCID-xd6j-x83x-r3gn
summary
Out-of-bounds Write
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-25032
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.24064
published_at 2026-04-02T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.24102
published_at 2026-04-04T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.23937
published_at 2026-04-01T12:55:00Z
3
value 0.00089
scoring_system epss
scoring_elements 0.25394
published_at 2026-04-09T12:55:00Z
4
value 0.00089
scoring_system epss
scoring_elements 0.2535
published_at 2026-04-08T12:55:00Z
5
value 0.00089
scoring_system epss
scoring_elements 0.25282
published_at 2026-04-07T12:55:00Z
6
value 0.00089
scoring_system epss
scoring_elements 0.25311
published_at 2026-04-13T12:55:00Z
7
value 0.00089
scoring_system epss
scoring_elements 0.25364
published_at 2026-04-12T12:55:00Z
8
value 0.00089
scoring_system epss
scoring_elements 0.25406
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-25032
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
4
reference_url http://seclists.org/fulldisclosure/2022/May/33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url http://seclists.org/fulldisclosure/2022/May/33
5
reference_url http://seclists.org/fulldisclosure/2022/May/35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url http://seclists.org/fulldisclosure/2022/May/35
6
reference_url http://seclists.org/fulldisclosure/2022/May/38
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url http://seclists.org/fulldisclosure/2022/May/38
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
9
reference_url https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
10
reference_url https://github.com/madler/zlib/issues/605
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://github.com/madler/zlib/issues/605
11
reference_url https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
12
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
13
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
26
reference_url https://security.gentoo.org/glsa/202210-42
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://security.gentoo.org/glsa/202210-42
27
reference_url https://security.netapp.com/advisory/ntap-20220526-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220526-0009
28
reference_url https://security.netapp.com/advisory/ntap-20220526-0009/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://security.netapp.com/advisory/ntap-20220526-0009/
29
reference_url https://security.netapp.com/advisory/ntap-20220729-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220729-0004
30
reference_url https://security.netapp.com/advisory/ntap-20220729-0004/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://security.netapp.com/advisory/ntap-20220729-0004/
31
reference_url https://support.apple.com/kb/HT213255
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://support.apple.com/kb/HT213255
32
reference_url https://support.apple.com/kb/HT213256
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://support.apple.com/kb/HT213256
33
reference_url https://support.apple.com/kb/HT213257
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://support.apple.com/kb/HT213257
34
reference_url https://www.debian.org/security/2022/dsa-5111
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://www.debian.org/security/2022/dsa-5111
35
reference_url https://www.openwall.com/lists/oss-security/2022/03/24/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://www.openwall.com/lists/oss-security/2022/03/24/1
36
reference_url https://www.openwall.com/lists/oss-security/2022/03/28/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://www.openwall.com/lists/oss-security/2022/03/28/1
37
reference_url https://www.openwall.com/lists/oss-security/2022/03/28/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://www.openwall.com/lists/oss-security/2022/03/28/3
38
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
39
reference_url http://www.openwall.com/lists/oss-security/2022/03/25/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url http://www.openwall.com/lists/oss-security/2022/03/25/2
40
reference_url http://www.openwall.com/lists/oss-security/2022/03/26/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url http://www.openwall.com/lists/oss-security/2022/03/26/1
41
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008265
reference_id 1008265
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008265
42
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2067945
reference_id 2067945
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2067945
43
reference_url https://security.archlinux.org/ASA-202204-3
reference_id ASA-202204-3
reference_type
scores
url https://security.archlinux.org/ASA-202204-3
44
reference_url https://security.archlinux.org/AVG-2657
reference_id AVG-2657
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2657
45
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-25032
reference_id CVE-2018-25032
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-25032
46
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml
reference_id CVE-2018-25032.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml
47
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
reference_id DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
48
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
reference_id DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
49
reference_url https://github.com/advisories/GHSA-jc36-42cf-vqwj
reference_id GHSA-jc36-42cf-vqwj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jc36-42cf-vqwj
50
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
reference_id GHSA-v6gp-9mmm-c6p5
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
51
reference_url https://security.gentoo.org/glsa/202405-22
reference_id GLSA-202405-22
reference_type
scores
url https://security.gentoo.org/glsa/202405-22
52
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
reference_id JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
53
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
reference_id NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
54
reference_url https://access.redhat.com/errata/RHSA-2022:1591
reference_id RHSA-2022:1591
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1591
55
reference_url https://access.redhat.com/errata/RHSA-2022:1642
reference_id RHSA-2022:1642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1642
56
reference_url https://access.redhat.com/errata/RHSA-2022:1661
reference_id RHSA-2022:1661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1661
57
reference_url https://access.redhat.com/errata/RHSA-2022:2192
reference_id RHSA-2022:2192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2192
58
reference_url https://access.redhat.com/errata/RHSA-2022:2197
reference_id RHSA-2022:2197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2197
59
reference_url https://access.redhat.com/errata/RHSA-2022:2198
reference_id RHSA-2022:2198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2198
60
reference_url https://access.redhat.com/errata/RHSA-2022:2201
reference_id RHSA-2022:2201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2201
61
reference_url https://access.redhat.com/errata/RHSA-2022:2213
reference_id RHSA-2022:2213
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2213
62
reference_url https://access.redhat.com/errata/RHSA-2022:2214
reference_id RHSA-2022:2214
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2214
63
reference_url https://access.redhat.com/errata/RHSA-2022:4584
reference_id RHSA-2022:4584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4584
64
reference_url https://access.redhat.com/errata/RHSA-2022:4592
reference_id RHSA-2022:4592
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4592
65
reference_url https://access.redhat.com/errata/RHSA-2022:4845
reference_id RHSA-2022:4845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4845
66
reference_url https://access.redhat.com/errata/RHSA-2022:4896
reference_id RHSA-2022:4896
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4896
67
reference_url https://access.redhat.com/errata/RHSA-2022:5439
reference_id RHSA-2022:5439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5439
68
reference_url https://access.redhat.com/errata/RHSA-2022:7144
reference_id RHSA-2022:7144
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7144
69
reference_url https://access.redhat.com/errata/RHSA-2022:7813
reference_id RHSA-2022:7813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7813
70
reference_url https://access.redhat.com/errata/RHSA-2022:8420
reference_id RHSA-2022:8420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8420
71
reference_url https://access.redhat.com/errata/RHSA-2023:0943
reference_id RHSA-2023:0943
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0943
72
reference_url https://access.redhat.com/errata/RHSA-2023:0975
reference_id RHSA-2023:0975
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0975
73
reference_url https://access.redhat.com/errata/RHSA-2023:0976
reference_id RHSA-2023:0976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0976
74
reference_url https://usn.ubuntu.com/5355-1/
reference_id USN-5355-1
reference_type
scores
url https://usn.ubuntu.com/5355-1/
75
reference_url https://usn.ubuntu.com/5355-2/
reference_id USN-5355-2
reference_type
scores
url https://usn.ubuntu.com/5355-2/
76
reference_url https://usn.ubuntu.com/5359-1/
reference_id USN-5359-1
reference_type
scores
url https://usn.ubuntu.com/5359-1/
77
reference_url https://usn.ubuntu.com/5359-2/
reference_id USN-5359-2
reference_type
scores
url https://usn.ubuntu.com/5359-2/
78
reference_url https://usn.ubuntu.com/5739-1/
reference_id USN-5739-1
reference_type
scores
url https://usn.ubuntu.com/5739-1/
79
reference_url https://usn.ubuntu.com/6736-1/
reference_id USN-6736-1
reference_type
scores
url https://usn.ubuntu.com/6736-1/
80
reference_url https://usn.ubuntu.com/6736-2/
reference_id USN-6736-2
reference_type
scores
url https://usn.ubuntu.com/6736-2/
81
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
reference_id VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
82
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
reference_id XOKFMSNQ5D5WGMALBNBXU3GE442V74WU
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
fixed_packages
0
url pkg:gem/nokogiri@1.13.4
purl pkg:gem/nokogiri@1.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-c6hb-sbhx-zqac
4
vulnerability VCID-eb6k-ppfd-m7a3
5
vulnerability VCID-ghbk-uumc-dug3
6
vulnerability VCID-hzjv-gf8n-jka2
7
vulnerability VCID-jfh3-1sgm-7ug2
8
vulnerability VCID-m7km-hbm9-23h4
9
vulnerability VCID-q732-nexj-1ue6
10
vulnerability VCID-snr1-kaug-43aa
11
vulnerability VCID-udew-3gre-13hy
12
vulnerability VCID-uf9q-1ds5-wbev
13
vulnerability VCID-w8jf-tsmr-g7cd
14
vulnerability VCID-y5vb-sn4p-eqd9
15
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4
aliases CVE-2018-25032, GHSA-jc36-42cf-vqwj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xd6j-x83x-r3gn
43
url VCID-y5vb-sn4p-eqd9
vulnerability_id VCID-y5vb-sn4p-eqd9
summary
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
### Summary

Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to [v2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4) from v2.10.3.

libxml2 v2.10.4 addresses the following known vulnerabilities:

- [CVE-2023-29469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469): Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484): Fix null deref in xmlSchemaFixupComplexType
- Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK

Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.14.3`, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements.


### Mitigation

Upgrade to Nokogiri `>= 1.14.3`.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against external libraries libxml2 `>= 2.10.4` which will also address these same issues.


### Impact

No public information has yet been published about the security-related issues other than the upstream commits. Examination of those changesets indicates that the more serious issues relate to libxml2 dereferencing NULL pointers and potentially segfaulting while parsing untrusted inputs.

The commits can be examined at:

- [[CVE-2023-29469] Hashing of empty dict strings isn't deterministic (09a2dd45) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64)
- [[CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType (647e072e) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f)
- [schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK (4c6922f7) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6)
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
2
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
7
reference_url https://github.com/advisories/GHSA-pxvg-2qj5-37jq
reference_id GHSA-pxvg-2qj5-37jq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pxvg-2qj5-37jq
8
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq
reference_id GHSA-pxvg-2qj5-37jq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq
fixed_packages
0
url pkg:gem/nokogiri@1.14.3
purl pkg:gem/nokogiri@1.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-6r5w-pgkx-v3cb
2
vulnerability VCID-c6hb-sbhx-zqac
3
vulnerability VCID-ghbk-uumc-dug3
4
vulnerability VCID-hzjv-gf8n-jka2
5
vulnerability VCID-jfh3-1sgm-7ug2
6
vulnerability VCID-q732-nexj-1ue6
7
vulnerability VCID-uf9q-1ds5-wbev
8
vulnerability VCID-w8jf-tsmr-g7cd
9
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.14.3
aliases GHSA-pxvg-2qj5-37jq, GMS-2023-1115
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y5vb-sn4p-eqd9
44
url VCID-yeku-1zjh-kbea
vulnerability_id VCID-yeku-1zjh-kbea
summary
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
## Summary

Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).

libxml2 v2.13.6 addresses:

- CVE-2025-24928
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
- CVE-2024-56171
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

## Impact

### CVE-2025-24928

Stack-buffer overflow is possible when reporting DTD validation errors if the input contains a long (~3kb) QName prefix.

### CVE-2024-56171

Use-after-free is possible during validation against untrusted XML Schemas (.xsd) and, potentially, validation of untrusted documents against trusted Schemas if they make use of `xsd:keyref` in combination with recursively defined types that have additional identity constraints.
references
0
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml
1
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m
3
reference_url https://github.com/advisories/GHSA-vvfq-8hwr-qm4m
reference_id GHSA-vvfq-8hwr-qm4m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vvfq-8hwr-qm4m
fixed_packages
0
url pkg:gem/nokogiri@1.18.3
purl pkg:gem/nokogiri@1.18.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6r5w-pgkx-v3cb
1
vulnerability VCID-jfh3-1sgm-7ug2
2
vulnerability VCID-uf9q-1ds5-wbev
3
vulnerability VCID-w8jf-tsmr-g7cd
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.3
aliases GHSA-vvfq-8hwr-qm4m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yeku-1zjh-kbea
45
url VCID-zwzs-qztz-wbfj
vulnerability_id VCID-zwzs-qztz-wbfj
summary
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5815
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29549
published_at 2026-04-13T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29606
published_at 2026-04-08T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29673
published_at 2026-04-02T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29723
published_at 2026-04-04T12:55:00Z
4
value 0.00111
scoring_system epss
scoring_elements 0.29543
published_at 2026-04-07T12:55:00Z
5
value 0.00111
scoring_system epss
scoring_elements 0.29643
published_at 2026-04-09T12:55:00Z
6
value 0.00111
scoring_system epss
scoring_elements 0.29646
published_at 2026-04-11T12:55:00Z
7
value 0.00111
scoring_system epss
scoring_elements 0.29601
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5815
2
reference_url https://bugs.chromium.org/p/chromium/issues/detail?id=930663
reference_id
reference_type
scores
url https://bugs.chromium.org/p/chromium/issues/detail?id=930663
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828
25
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829
26
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830
27
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831
28
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832
29
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833
30
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834
31
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836
32
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837
33
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838
34
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839
35
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840
36
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841
37
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842
38
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843
39
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847
40
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848
41
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849
42
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850
43
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851
44
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852
45
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853
46
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854
47
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855
48
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856
49
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857
50
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858
51
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859
52
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860
53
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861
54
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862
55
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864
56
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865
57
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867
58
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868
59
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503
60
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504
61
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml
62
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
63
reference_url https://github.com/sparklemotion/nokogiri/issues/2630
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/2630
64
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b
65
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html
66
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5815
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5815
67
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1702905
reference_id 1702905
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1702905
68
reference_url https://security.archlinux.org/ASA-201904-12
reference_id ASA-201904-12
reference_type
scores
url https://security.archlinux.org/ASA-201904-12
69
reference_url https://security.archlinux.org/AVG-952
reference_id AVG-952
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-952
70
reference_url https://github.com/advisories/GHSA-vmfx-gcfq-wvm2
reference_id GHSA-vmfx-gcfq-wvm2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmfx-gcfq-wvm2
71
reference_url https://security.gentoo.org/glsa/201908-18
reference_id GLSA-201908-18
reference_type
scores
url https://security.gentoo.org/glsa/201908-18
72
reference_url https://access.redhat.com/errata/RHSA-2019:1021
reference_id RHSA-2019:1021
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1021
73
reference_url https://usn.ubuntu.com/5575-1/
reference_id USN-5575-1
reference_type
scores
url https://usn.ubuntu.com/5575-1/
74
reference_url https://usn.ubuntu.com/5575-2/
reference_id USN-5575-2
reference_type
scores
url https://usn.ubuntu.com/5575-2/
fixed_packages
0
url pkg:gem/nokogiri@1.10.4
purl pkg:gem/nokogiri@1.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-7bpp-2hvk-2udv
4
vulnerability VCID-8geh-vfns-pfgs
5
vulnerability VCID-9hqf-12yh-bkc8
6
vulnerability VCID-9wgc-swf9-z7hq
7
vulnerability VCID-c6hb-sbhx-zqac
8
vulnerability VCID-cbm2-cez4-bqgh
9
vulnerability VCID-eb6k-ppfd-m7a3
10
vulnerability VCID-ek5d-m9pn-3fec
11
vulnerability VCID-ghbk-uumc-dug3
12
vulnerability VCID-gsar-pymk-43hs
13
vulnerability VCID-hzjv-gf8n-jka2
14
vulnerability VCID-jfh3-1sgm-7ug2
15
vulnerability VCID-jqdg-ebz9-t3e9
16
vulnerability VCID-m7km-hbm9-23h4
17
vulnerability VCID-n6za-rwad-tbaq
18
vulnerability VCID-nq12-ryyt-c7g9
19
vulnerability VCID-q732-nexj-1ue6
20
vulnerability VCID-qv3r-ppuc-zycz
21
vulnerability VCID-rsvx-3f49-v3an
22
vulnerability VCID-snr1-kaug-43aa
23
vulnerability VCID-sxp3-vtcq-pugw
24
vulnerability VCID-txm2-sdc1-7uch
25
vulnerability VCID-u8gx-xbj9-97c7
26
vulnerability VCID-udew-3gre-13hy
27
vulnerability VCID-uf9q-1ds5-wbev
28
vulnerability VCID-vf7b-s3y3-sfhw
29
vulnerability VCID-vhyk-9tbb-quc3
30
vulnerability VCID-w8jf-tsmr-g7cd
31
vulnerability VCID-xd6j-x83x-r3gn
32
vulnerability VCID-y5vb-sn4p-eqd9
33
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4
1
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-365e-j8ta-h7cn
1
vulnerability VCID-43qu-922g-myca
2
vulnerability VCID-6r5w-pgkx-v3cb
3
vulnerability VCID-7bpp-2hvk-2udv
4
vulnerability VCID-8geh-vfns-pfgs
5
vulnerability VCID-9hqf-12yh-bkc8
6
vulnerability VCID-9wgc-swf9-z7hq
7
vulnerability VCID-c6hb-sbhx-zqac
8
vulnerability VCID-cbm2-cez4-bqgh
9
vulnerability VCID-eb6k-ppfd-m7a3
10
vulnerability VCID-ek5d-m9pn-3fec
11
vulnerability VCID-ghbk-uumc-dug3
12
vulnerability VCID-gsar-pymk-43hs
13
vulnerability VCID-hzjv-gf8n-jka2
14
vulnerability VCID-jfh3-1sgm-7ug2
15
vulnerability VCID-jqdg-ebz9-t3e9
16
vulnerability VCID-m7km-hbm9-23h4
17
vulnerability VCID-n6za-rwad-tbaq
18
vulnerability VCID-nq12-ryyt-c7g9
19
vulnerability VCID-q732-nexj-1ue6
20
vulnerability VCID-qv3r-ppuc-zycz
21
vulnerability VCID-rsvx-3f49-v3an
22
vulnerability VCID-snr1-kaug-43aa
23
vulnerability VCID-u8gx-xbj9-97c7
24
vulnerability VCID-udew-3gre-13hy
25
vulnerability VCID-uf9q-1ds5-wbev
26
vulnerability VCID-vf7b-s3y3-sfhw
27
vulnerability VCID-vhyk-9tbb-quc3
28
vulnerability VCID-w8jf-tsmr-g7cd
29
vulnerability VCID-xd6j-x83x-r3gn
30
vulnerability VCID-y5vb-sn4p-eqd9
31
vulnerability VCID-yeku-1zjh-kbea
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-5815, GHSA-vmfx-gcfq-wvm2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwzs-qztz-wbfj
Fixing_vulnerabilities
0
url VCID-2j62-5rjn-vyeu
vulnerability_id VCID-2j62-5rjn-vyeu
summary
Uncontrolled Resource Consumption
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8806
reference_id
reference_type
scores
0
value 0.06052
scoring_system epss
scoring_elements 0.9071
published_at 2026-04-04T12:55:00Z
1
value 0.06052
scoring_system epss
scoring_elements 0.90694
published_at 2026-04-01T12:55:00Z
2
value 0.06052
scoring_system epss
scoring_elements 0.90743
published_at 2026-04-13T12:55:00Z
3
value 0.06052
scoring_system epss
scoring_elements 0.90746
published_at 2026-04-12T12:55:00Z
4
value 0.06052
scoring_system epss
scoring_elements 0.90737
published_at 2026-04-09T12:55:00Z
5
value 0.06052
scoring_system epss
scoring_elements 0.90731
published_at 2026-04-08T12:55:00Z
6
value 0.06052
scoring_system epss
scoring_elements 0.9072
published_at 2026-04-07T12:55:00Z
7
value 0.06052
scoring_system epss
scoring_elements 0.90699
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8806
2
reference_url https://bugzilla.gnome.org/show_bug.cgi?id=749115
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.gnome.org/show_bug.cgi?id=749115
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
19
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
20
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml
21
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
22
reference_url https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
23
reference_url https://github.com/sparklemotion/nokogiri/issues/1473
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1473
24
reference_url https://mail.gnome.org/archives/xml/2016-May/msg00023.html
reference_id
reference_type
scores
url https://mail.gnome.org/archives/xml/2016-May/msg00023.html
25
reference_url https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071
26
reference_url https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2016/dsa-3593
27
reference_url http://www.openwall.com/lists/oss-security/2016/02/03/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/02/03/5
28
reference_url http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
29
reference_url http://www.securityfocus.com/bid/82071
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/82071
30
reference_url http://www.ubuntu.com/usn/usn-2994-1/
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/usn-2994-1/
31
reference_url http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2994-1
32
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1304636
reference_id 1304636
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1304636
33
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613
reference_id 813613
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8806
reference_id CVE-2015-8806
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8806
41
reference_url https://github.com/advisories/GHSA-7hp2-xwpj-95jq
reference_id GHSA-7hp2-xwpj-95jq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7hp2-xwpj-95jq
42
reference_url https://security.gentoo.org/glsa/201701-37
reference_id GLSA-201701-37
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201701-37
43
reference_url https://usn.ubuntu.com/2994-1/
reference_id USN-2994-1
reference_type
scores
url https://usn.ubuntu.com/2994-1/
fixed_packages
0
url pkg:gem/nokogiri@1.6.8
purl pkg:gem/nokogiri@1.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-22km-jmtd-yyde
1
vulnerability VCID-365e-j8ta-h7cn
2
vulnerability VCID-3f2w-tgya-x3cc
3
vulnerability VCID-43qu-922g-myca
4
vulnerability VCID-64c1-dzhs-u3gj
5
vulnerability VCID-6r5w-pgkx-v3cb
6
vulnerability VCID-7bpp-2hvk-2udv
7
vulnerability VCID-8geh-vfns-pfgs
8
vulnerability VCID-96v6-vs1m-skf3
9
vulnerability VCID-9hqf-12yh-bkc8
10
vulnerability VCID-9wgc-swf9-z7hq
11
vulnerability VCID-azzy-m5pc-qudn
12
vulnerability VCID-bejh-22y7-kuh6
13
vulnerability VCID-c6hb-sbhx-zqac
14
vulnerability VCID-cbm2-cez4-bqgh
15
vulnerability VCID-eb6k-ppfd-m7a3
16
vulnerability VCID-ecde-c15q-ukh1
17
vulnerability VCID-ek5d-m9pn-3fec
18
vulnerability VCID-ghbk-uumc-dug3
19
vulnerability VCID-gsar-pymk-43hs
20
vulnerability VCID-hzjv-gf8n-jka2
21
vulnerability VCID-jfh3-1sgm-7ug2
22
vulnerability VCID-jqdg-ebz9-t3e9
23
vulnerability VCID-m7km-hbm9-23h4
24
vulnerability VCID-n6za-rwad-tbaq
25
vulnerability VCID-nq12-ryyt-c7g9
26
vulnerability VCID-q732-nexj-1ue6
27
vulnerability VCID-qv3r-ppuc-zycz
28
vulnerability VCID-rsvx-3f49-v3an
29
vulnerability VCID-snr1-kaug-43aa
30
vulnerability VCID-sqa5-8yrd-qyfz
31
vulnerability VCID-sxp3-vtcq-pugw
32
vulnerability VCID-tdt5-asvh-ryaa
33
vulnerability VCID-tn87-vke6-kuf6
34
vulnerability VCID-txm2-sdc1-7uch
35
vulnerability VCID-u8gx-xbj9-97c7
36
vulnerability VCID-udew-3gre-13hy
37
vulnerability VCID-uf9q-1ds5-wbev
38
vulnerability VCID-vf7b-s3y3-sfhw
39
vulnerability VCID-vhyk-9tbb-quc3
40
vulnerability VCID-w8jf-tsmr-g7cd
41
vulnerability VCID-wc4g-sxyq-ubcd
42
vulnerability VCID-xd6j-x83x-r3gn
43
vulnerability VCID-y5vb-sn4p-eqd9
44
vulnerability VCID-yeku-1zjh-kbea
45
vulnerability VCID-zwzs-qztz-wbfj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8
aliases CVE-2015-8806, GHSA-7hp2-xwpj-95jq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2j62-5rjn-vyeu
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8