Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/51333?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/51333?format=api", "purl": "pkg:nuget/libxml2@1.7.0", "type": "nuget", "namespace": "", "name": "libxml2", "version": "1.7.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37549?format=api", "vulnerability_id": "VCID-43m9-cg6h-nuet", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nparser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2877.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2877.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70629", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70671", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70679", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70662", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2853", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2853" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2869", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2869" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2870" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2880" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715531", "reference_id": "715531", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715531" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=983204", "reference_id": "983204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=983204" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2877", "reference_id": "CVE-2013-2877", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2877" }, { "reference_url": "https://security.gentoo.org/glsa/201309-16", "reference_id": "GLSA-201309-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-16" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0513", "reference_id": "RHSA-2014:0513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0513" }, { "reference_url": "https://usn.ubuntu.com/1904-1/", "reference_id": "USN-1904-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1904-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51192?format=api", "purl": "pkg:nuget/libxml2@2.7.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nax-e3jj-ryef" }, { "vulnerability": "VCID-1zr7-kx71-tkcr" }, { "vulnerability": "VCID-2wkc-xqzc-e3g2" }, { "vulnerability": "VCID-3ean-ys5t-bydz" }, { "vulnerability": "VCID-3s6k-9cgk-dfd6" }, { "vulnerability": "VCID-4sg9-pjmx-6kfy" }, { "vulnerability": "VCID-512y-x2fd-4uh5" }, { "vulnerability": "VCID-5g9a-2484-rucp" }, { "vulnerability": "VCID-5z25-mem7-hfcx" }, { "vulnerability": "VCID-6bw6-4huq-dqex" }, { "vulnerability": "VCID-6hc4-jdej-gkcp" }, { "vulnerability": "VCID-6t8y-27ba-cfa2" }, { "vulnerability": "VCID-81t2-tsq4-x7ce" }, { "vulnerability": "VCID-8719-hux3-fugq" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-9usm-m2ey-7qad" }, { "vulnerability": "VCID-a611-3sqz-bkac" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-anzu-y37j-dbc2" }, { "vulnerability": "VCID-bgcq-x9bd-83ap" }, { "vulnerability": "VCID-bksc-y3j7-ufek" }, { "vulnerability": "VCID-bwrv-burs-sqg6" }, { "vulnerability": "VCID-d39h-k44d-8kgx" }, { "vulnerability": "VCID-ds9f-6ppp-5fax" }, { "vulnerability": "VCID-e8w6-ax3x-wqan" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-ezzm-sgz4-xbaa" }, { "vulnerability": "VCID-f8q4-hk9r-6be4" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-frer-xevm-x7f7" }, { "vulnerability": "VCID-gfk4-86ze-3bdx" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-kg69-mhxs-tkcx" }, { "vulnerability": "VCID-m8d1-5qex-huf8" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-ncxg-w6wk-bkb4" }, { "vulnerability": "VCID-pgfh-4snq-pbe6" }, { "vulnerability": "VCID-q1rm-fyhj-kbfu" }, { "vulnerability": "VCID-q736-5feg-q3h2" }, { "vulnerability": "VCID-qa31-1xtw-ybdg" }, { "vulnerability": "VCID-u795-5dzy-gkbs" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-w156-x6fs-7baj" }, { "vulnerability": "VCID-y6zn-hwwh-23hp" }, { "vulnerability": "VCID-y76b-6hzr-uqgb" }, { "vulnerability": "VCID-yjn6-17qx-9ubc" }, { "vulnerability": "VCID-zezc-xfmm-cqcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libxml2@2.7.8.2" } ], "aliases": [ "CVE-2013-2877" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43m9-cg6h-nuet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37470?format=api", "vulnerability_id": "VCID-7qqd-ze42-ayab", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nHeap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2, as used in Google Chrome and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5134.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5134.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84241", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84264", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84267", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84261", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5134" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694521", "reference_id": "694521", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694521" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=880466", "reference_id": "880466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880466" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5134", "reference_id": "CVE-2012-5134", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5134" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1512", "reference_id": "RHSA-2012:1512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0217", "reference_id": "RHSA-2013:0217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0217" }, { "reference_url": "https://usn.ubuntu.com/1656-1/", "reference_id": "USN-1656-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1656-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51192?format=api", "purl": "pkg:nuget/libxml2@2.7.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nax-e3jj-ryef" }, { "vulnerability": "VCID-1zr7-kx71-tkcr" }, { "vulnerability": "VCID-2wkc-xqzc-e3g2" }, { "vulnerability": "VCID-3ean-ys5t-bydz" }, { "vulnerability": "VCID-3s6k-9cgk-dfd6" }, { "vulnerability": "VCID-4sg9-pjmx-6kfy" }, { "vulnerability": "VCID-512y-x2fd-4uh5" }, { "vulnerability": "VCID-5g9a-2484-rucp" }, { "vulnerability": "VCID-5z25-mem7-hfcx" }, { "vulnerability": "VCID-6bw6-4huq-dqex" }, { "vulnerability": "VCID-6hc4-jdej-gkcp" }, { "vulnerability": "VCID-6t8y-27ba-cfa2" }, { "vulnerability": "VCID-81t2-tsq4-x7ce" }, { "vulnerability": "VCID-8719-hux3-fugq" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-9usm-m2ey-7qad" }, { "vulnerability": "VCID-a611-3sqz-bkac" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-anzu-y37j-dbc2" }, { "vulnerability": "VCID-bgcq-x9bd-83ap" }, { "vulnerability": "VCID-bksc-y3j7-ufek" }, { "vulnerability": "VCID-bwrv-burs-sqg6" }, { "vulnerability": "VCID-d39h-k44d-8kgx" }, { "vulnerability": "VCID-ds9f-6ppp-5fax" }, { "vulnerability": "VCID-e8w6-ax3x-wqan" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-ezzm-sgz4-xbaa" }, { "vulnerability": "VCID-f8q4-hk9r-6be4" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-frer-xevm-x7f7" }, { "vulnerability": "VCID-gfk4-86ze-3bdx" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-kg69-mhxs-tkcx" }, { "vulnerability": "VCID-m8d1-5qex-huf8" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-ncxg-w6wk-bkb4" }, { "vulnerability": "VCID-pgfh-4snq-pbe6" }, { "vulnerability": "VCID-q1rm-fyhj-kbfu" }, { "vulnerability": "VCID-q736-5feg-q3h2" }, { "vulnerability": "VCID-qa31-1xtw-ybdg" }, { "vulnerability": "VCID-u795-5dzy-gkbs" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-w156-x6fs-7baj" }, { "vulnerability": "VCID-y6zn-hwwh-23hp" }, { "vulnerability": "VCID-y76b-6hzr-uqgb" }, { "vulnerability": "VCID-yjn6-17qx-9ubc" }, { "vulnerability": "VCID-zezc-xfmm-cqcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libxml2@2.7.8.2" } ], "aliases": [ "CVE-2012-5134" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qqd-ze42-ayab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37536?format=api", "vulnerability_id": "VCID-kmvz-pynk-p7fn", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nlibxml2 allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0338.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0338.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71779", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71818", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71825", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00672", "scoring_system": "epss", "scoring_elements": "0.71801", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0338" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260", "reference_id": "702260", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400", "reference_id": "912400", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0338", "reference_id": "CVE-2013-0338", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0338" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0581", "reference_id": "RHSA-2013:0581", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0581" }, { "reference_url": "https://usn.ubuntu.com/1782-1/", "reference_id": "USN-1782-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1782-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51192?format=api", "purl": "pkg:nuget/libxml2@2.7.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nax-e3jj-ryef" }, { "vulnerability": "VCID-1zr7-kx71-tkcr" }, { "vulnerability": "VCID-2wkc-xqzc-e3g2" }, { "vulnerability": "VCID-3ean-ys5t-bydz" }, { "vulnerability": "VCID-3s6k-9cgk-dfd6" }, { "vulnerability": "VCID-4sg9-pjmx-6kfy" }, { "vulnerability": "VCID-512y-x2fd-4uh5" }, { "vulnerability": "VCID-5g9a-2484-rucp" }, { "vulnerability": "VCID-5z25-mem7-hfcx" }, { "vulnerability": "VCID-6bw6-4huq-dqex" }, { "vulnerability": "VCID-6hc4-jdej-gkcp" }, { "vulnerability": "VCID-6t8y-27ba-cfa2" }, { "vulnerability": "VCID-81t2-tsq4-x7ce" }, { "vulnerability": "VCID-8719-hux3-fugq" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-9usm-m2ey-7qad" }, { "vulnerability": "VCID-a611-3sqz-bkac" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-anzu-y37j-dbc2" }, { "vulnerability": "VCID-bgcq-x9bd-83ap" }, { "vulnerability": "VCID-bksc-y3j7-ufek" }, { "vulnerability": "VCID-bwrv-burs-sqg6" }, { "vulnerability": "VCID-d39h-k44d-8kgx" }, { "vulnerability": "VCID-ds9f-6ppp-5fax" }, { "vulnerability": "VCID-e8w6-ax3x-wqan" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-ezzm-sgz4-xbaa" }, { "vulnerability": "VCID-f8q4-hk9r-6be4" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-frer-xevm-x7f7" }, { "vulnerability": "VCID-gfk4-86ze-3bdx" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-kg69-mhxs-tkcx" }, { "vulnerability": "VCID-m8d1-5qex-huf8" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-ncxg-w6wk-bkb4" }, { "vulnerability": "VCID-pgfh-4snq-pbe6" }, { "vulnerability": "VCID-q1rm-fyhj-kbfu" }, { "vulnerability": "VCID-q736-5feg-q3h2" }, { "vulnerability": "VCID-qa31-1xtw-ybdg" }, { "vulnerability": "VCID-u795-5dzy-gkbs" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-w156-x6fs-7baj" }, { "vulnerability": "VCID-y6zn-hwwh-23hp" }, { "vulnerability": "VCID-y76b-6hzr-uqgb" }, { "vulnerability": "VCID-yjn6-17qx-9ubc" }, { "vulnerability": "VCID-zezc-xfmm-cqcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libxml2@2.7.8.2" } ], "aliases": [ "CVE-2013-0338" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kmvz-pynk-p7fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37627?format=api", "vulnerability_id": "VCID-v22x-mq8p-8qc7", "summary": "Uncontrolled Resource Consumption\nlibxml2 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0339.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0339.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01783", "scoring_system": "epss", "scoring_elements": "0.8307", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01783", "scoring_system": "epss", "scoring_elements": "0.83096", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01783", "scoring_system": "epss", "scoring_elements": "0.83093", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0339" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260", "reference_id": "702260", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702260" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=915149", "reference_id": "915149", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915149" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/cve-2013-0339", "reference_id": "CVE-2013-0339", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0339" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://usn.ubuntu.com/1904-1/", "reference_id": "USN-1904-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1904-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51192?format=api", "purl": "pkg:nuget/libxml2@2.7.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nax-e3jj-ryef" }, { "vulnerability": "VCID-1zr7-kx71-tkcr" }, { "vulnerability": "VCID-2wkc-xqzc-e3g2" }, { "vulnerability": "VCID-3ean-ys5t-bydz" }, { "vulnerability": "VCID-3s6k-9cgk-dfd6" }, { "vulnerability": "VCID-4sg9-pjmx-6kfy" }, { "vulnerability": "VCID-512y-x2fd-4uh5" }, { "vulnerability": "VCID-5g9a-2484-rucp" }, { "vulnerability": "VCID-5z25-mem7-hfcx" }, { "vulnerability": "VCID-6bw6-4huq-dqex" }, { "vulnerability": "VCID-6hc4-jdej-gkcp" }, { "vulnerability": "VCID-6t8y-27ba-cfa2" }, { "vulnerability": "VCID-81t2-tsq4-x7ce" }, { "vulnerability": "VCID-8719-hux3-fugq" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-9usm-m2ey-7qad" }, { "vulnerability": "VCID-a611-3sqz-bkac" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-anzu-y37j-dbc2" }, { "vulnerability": "VCID-bgcq-x9bd-83ap" }, { "vulnerability": "VCID-bksc-y3j7-ufek" }, { "vulnerability": "VCID-bwrv-burs-sqg6" }, { "vulnerability": "VCID-d39h-k44d-8kgx" }, { "vulnerability": "VCID-ds9f-6ppp-5fax" }, { "vulnerability": "VCID-e8w6-ax3x-wqan" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-ezzm-sgz4-xbaa" }, { "vulnerability": "VCID-f8q4-hk9r-6be4" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-frer-xevm-x7f7" }, { "vulnerability": "VCID-gfk4-86ze-3bdx" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-kg69-mhxs-tkcx" }, { "vulnerability": "VCID-m8d1-5qex-huf8" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-ncxg-w6wk-bkb4" }, { "vulnerability": "VCID-pgfh-4snq-pbe6" }, { "vulnerability": "VCID-q1rm-fyhj-kbfu" }, { "vulnerability": "VCID-q736-5feg-q3h2" }, { "vulnerability": "VCID-qa31-1xtw-ybdg" }, { "vulnerability": "VCID-u795-5dzy-gkbs" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-w156-x6fs-7baj" }, { "vulnerability": "VCID-y6zn-hwwh-23hp" }, { "vulnerability": "VCID-y76b-6hzr-uqgb" }, { "vulnerability": "VCID-yjn6-17qx-9ubc" }, { "vulnerability": "VCID-zezc-xfmm-cqcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libxml2@2.7.8.2" } ], "aliases": [ "CVE-2013-0339" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v22x-mq8p-8qc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37474?format=api", "vulnerability_id": "VCID-xxpz-ak6z-5ufn", "summary": "Uncontrolled Resource Consumption\nlibxml2 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0841.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0841.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0841", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00449", "scoring_system": "epss", "scoring_elements": "0.63942", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01023", "scoring_system": "epss", "scoring_elements": "0.77599", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01023", "scoring_system": "epss", "scoring_elements": "0.77628", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01023", "scoring_system": "epss", "scoring_elements": "0.77636", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0841" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846", "reference_id": "660846", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=787067", "reference_id": "787067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=787067" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0841", "reference_id": "CVE-2012-0841", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0841" }, { "reference_url": "https://security.gentoo.org/glsa/201203-04", "reference_id": "GLSA-201203-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0324", "reference_id": "RHSA-2012:0324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0217", "reference_id": "RHSA-2013:0217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0217" }, { "reference_url": "https://usn.ubuntu.com/1376-1/", "reference_id": "USN-1376-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1376-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51192?format=api", "purl": "pkg:nuget/libxml2@2.7.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nax-e3jj-ryef" }, { "vulnerability": "VCID-1zr7-kx71-tkcr" }, { "vulnerability": "VCID-2wkc-xqzc-e3g2" }, { "vulnerability": "VCID-3ean-ys5t-bydz" }, { "vulnerability": "VCID-3s6k-9cgk-dfd6" }, { "vulnerability": "VCID-4sg9-pjmx-6kfy" }, { "vulnerability": "VCID-512y-x2fd-4uh5" }, { "vulnerability": "VCID-5g9a-2484-rucp" }, { "vulnerability": "VCID-5z25-mem7-hfcx" }, { "vulnerability": "VCID-6bw6-4huq-dqex" }, { "vulnerability": "VCID-6hc4-jdej-gkcp" }, { "vulnerability": "VCID-6t8y-27ba-cfa2" }, { "vulnerability": "VCID-81t2-tsq4-x7ce" }, { "vulnerability": "VCID-8719-hux3-fugq" }, { "vulnerability": "VCID-9m3t-anwb-4fbx" }, { "vulnerability": "VCID-9usm-m2ey-7qad" }, { "vulnerability": "VCID-a611-3sqz-bkac" }, { "vulnerability": "VCID-akrb-6bu8-nqfq" }, { "vulnerability": "VCID-anzu-y37j-dbc2" }, { "vulnerability": "VCID-bgcq-x9bd-83ap" }, { "vulnerability": "VCID-bksc-y3j7-ufek" }, { "vulnerability": "VCID-bwrv-burs-sqg6" }, { "vulnerability": "VCID-d39h-k44d-8kgx" }, { "vulnerability": "VCID-ds9f-6ppp-5fax" }, { "vulnerability": "VCID-e8w6-ax3x-wqan" }, { "vulnerability": "VCID-efx2-bpu9-z7a4" }, { "vulnerability": "VCID-egft-crba-6ubx" }, { "vulnerability": "VCID-ezzm-sgz4-xbaa" }, { "vulnerability": "VCID-f8q4-hk9r-6be4" }, { "vulnerability": "VCID-fn1n-adz5-5fcy" }, { "vulnerability": "VCID-frer-xevm-x7f7" }, { "vulnerability": "VCID-gfk4-86ze-3bdx" }, { "vulnerability": "VCID-j98t-paam-97ec" }, { "vulnerability": "VCID-kg69-mhxs-tkcx" }, { "vulnerability": "VCID-m8d1-5qex-huf8" }, { "vulnerability": "VCID-m91c-mfu9-bbbh" }, { "vulnerability": "VCID-ncxg-w6wk-bkb4" }, { "vulnerability": "VCID-pgfh-4snq-pbe6" }, { "vulnerability": "VCID-q1rm-fyhj-kbfu" }, { "vulnerability": "VCID-q736-5feg-q3h2" }, { "vulnerability": "VCID-qa31-1xtw-ybdg" }, { "vulnerability": "VCID-u795-5dzy-gkbs" }, { "vulnerability": "VCID-ueh5-fv4d-a7a8" }, { "vulnerability": "VCID-w156-x6fs-7baj" }, { "vulnerability": "VCID-y6zn-hwwh-23hp" }, { "vulnerability": "VCID-y76b-6hzr-uqgb" }, { "vulnerability": "VCID-yjn6-17qx-9ubc" }, { "vulnerability": "VCID-zezc-xfmm-cqcg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libxml2@2.7.8.2" } ], "aliases": [ "CVE-2012-0841" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxpz-ak6z-5ufn" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libxml2@1.7.0" }