Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/nokogiri@1.10.5
Typegem
Namespace
Namenokogiri
Version1.10.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.19.3
Latest_non_vulnerable_version1.19.3
Affected_by_vulnerabilities
0
url VCID-12ee-na2t-6kg5
vulnerability_id VCID-12ee-na2t-6kg5
summary multiple issues
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7595
reference_id
reference_type
scores
0
value 0.00476
scoring_system epss
scoring_elements 0.65205
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7595
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
5
reference_url https://github.com/sparklemotion/nokogiri/issues/1992
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1992
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
7
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
14
reference_url https://security.gentoo.org/glsa/202010-04
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://security.gentoo.org/glsa/202010-04
15
reference_url https://security.netapp.com/advisory/ntap-20200702-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200702-0005
16
reference_url https://security.netapp.com/advisory/ntap-20200702-0005/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://security.netapp.com/advisory/ntap-20200702-0005/
17
reference_url https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
18
reference_url https://usn.ubuntu.com/4274-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4274-1
19
reference_url https://usn.ubuntu.com/4274-1/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://usn.ubuntu.com/4274-1/
20
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
21
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpujul2020.html
22
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
23
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
reference_id 545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
reference_id 5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582
reference_id 949582
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582
27
reference_url https://security.archlinux.org/ASA-202011-15
reference_id ASA-202011-15
reference_type
scores
url https://security.archlinux.org/ASA-202011-15
28
reference_url https://security.archlinux.org/AVG-1263
reference_id AVG-1263
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1263
29
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7595
reference_id CVE-2020-7595
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7595
30
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml
reference_id CVE-2020-7595.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml
31
reference_url https://github.com/advisories/GHSA-7553-jr98-vx47
reference_id GHSA-7553-jr98-vx47
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7553-jr98-vx47
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
reference_id JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
fixed_packages
0
url pkg:gem/nokogiri@1.10.8
purl pkg:gem/nokogiri@1.10.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ks1-3a4g-eqe7
1
vulnerability VCID-4yvf-h1z3-nfd7
2
vulnerability VCID-6b72-3exf-qfhs
3
vulnerability VCID-arq2-c738-tugt
4
vulnerability VCID-e37h-xnn4-hbcn
5
vulnerability VCID-gpcm-1wx2-guhq
6
vulnerability VCID-jwaq-3j9v-nbde
7
vulnerability VCID-ktaj-j2nh-zug6
8
vulnerability VCID-m542-6h3p-gudj
9
vulnerability VCID-zka7-1e8v-d3d7
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.8
aliases CVE-2020-7595, GHSA-7553-jr98-vx47
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12ee-na2t-6kg5
1
url VCID-1ks1-3a4g-eqe7
vulnerability_id VCID-1ks1-3a4g-eqe7
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23476
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.49221
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23476
2
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
3
reference_url https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/
url https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
4
reference_url https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/
url https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153279
reference_id 2153279
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2153279
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23476
reference_id CVE-2022-23476
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23476
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml
reference_id CVE-2022-23476.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml
8
reference_url https://github.com/advisories/GHSA-qv4q-mr5r-qprj
reference_id GHSA-qv4q-mr5r-qprj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qv4q-mr5r-qprj
9
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
reference_id GHSA-qv4q-mr5r-qprj
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
10
reference_url https://security.gentoo.org/glsa/202408-13
reference_id GLSA-202408-13
reference_type
scores
url https://security.gentoo.org/glsa/202408-13
fixed_packages
0
url pkg:gem/nokogiri@1.13.10
purl pkg:gem/nokogiri@1.13.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yvf-h1z3-nfd7
1
vulnerability VCID-6b72-3exf-qfhs
2
vulnerability VCID-arq2-c738-tugt
3
vulnerability VCID-e37h-xnn4-hbcn
4
vulnerability VCID-gpcm-1wx2-guhq
5
vulnerability VCID-ktaj-j2nh-zug6
6
vulnerability VCID-m542-6h3p-gudj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.10
aliases CVE-2022-23476, GHSA-qv4q-mr5r-qprj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ks1-3a4g-eqe7
2
url VCID-4yvf-h1z3-nfd7
vulnerability_id VCID-4yvf-h1z3-nfd7
summary Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5
2
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
4
reference_url https://github.com/advisories/GHSA-r95h-9x8f-r3f7
reference_id GHSA-r95h-9x8f-r3f7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r95h-9x8f-r3f7
5
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7
reference_id GHSA-r95h-9x8f-r3f7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml
reference_id GHSA-r95h-9x8f-r3f7.yml
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml
fixed_packages
0
url pkg:gem/nokogiri@1.16.5
purl pkg:gem/nokogiri@1.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6b72-3exf-qfhs
1
vulnerability VCID-e37h-xnn4-hbcn
2
vulnerability VCID-gpcm-1wx2-guhq
3
vulnerability VCID-m542-6h3p-gudj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.5
aliases GHSA-r95h-9x8f-r3f7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4yvf-h1z3-nfd7
3
url VCID-6b72-3exf-qfhs
vulnerability_id VCID-6b72-3exf-qfhs
summary 
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
## Summary

Nokogiri v1.18.8 upgrades its dependency libxml2 to
[v2.13.8](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8).

libxml2 v2.13.8 addresses:

- CVE-2025-32414
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
- CVE-2025-32415
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890

## Impact

### CVE-2025-32414: No impact

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds
memory access can occur in the Python API (Python bindings) because
of an incorrect return value. This occurs in xmlPythonFileRead and
xmlPythonFileReadRaw because of a difference between bytes and characters.

**There is no impact** from this CVE for Nokogiri users.

### CVE-2025-32415: Low impact

In libxml2 before 2.13.8 and 2.14.x before 2.14.2,
xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer
under-read. To exploit this, a crafted XML document must be validated
against an XML schema with certain identity constraints, or a
crafted XML schema must be used.

In the upstream issue, further context is provided by the maintainer:

> The bug affects validation against untrusted XML Schemas (.xsd)
> and validation of untrusted documents against trusted Schemas if
> they make use of xsd:keyref in combination with recursively
> defined types that have additional identity constraints.

MITRE has published a severity score of 2.9 LOW
(CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) for this CVE.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc
2
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8
5
reference_url https://github.com/advisories/GHSA-5w6v-399v-w3cc
reference_id GHSA-5w6v-399v-w3cc
reference_type
scores
url https://github.com/advisories/GHSA-5w6v-399v-w3cc
fixed_packages
0
url pkg:gem/nokogiri@1.18.8
purl pkg:gem/nokogiri@1.18.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e37h-xnn4-hbcn
1
vulnerability VCID-gpcm-1wx2-guhq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.8
aliases GHSA-5w6v-399v-w3cc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6b72-3exf-qfhs
4
url VCID-arq2-c738-tugt
vulnerability_id VCID-arq2-c738-tugt
summary 
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
### Summary

Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to [v2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4) from v2.10.3.

libxml2 v2.10.4 addresses the following known vulnerabilities:

- [CVE-2023-29469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469): Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484): Fix null deref in xmlSchemaFixupComplexType
- Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK

Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.14.3`, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements.


### Mitigation

Upgrade to Nokogiri `>= 1.14.3`.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against external libraries libxml2 `>= 2.10.4` which will also address these same issues.


### Impact

No public information has yet been published about the security-related issues other than the upstream commits. Examination of those changesets indicate that the more serious issues relate to libxml2 dereferencing NULL pointers and potentially segfaulting while parsing untrusted inputs.

The commits can be examined at:

- [[CVE-2023-29469] Hashing of empty dict strings isn't deterministic (09a2dd45) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64)
- [[CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType (647e072e) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f)
- [schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK (4c6922f7) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6)
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
2
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
7
reference_url https://github.com/advisories/GHSA-pxvg-2qj5-37jq
reference_id GHSA-pxvg-2qj5-37jq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pxvg-2qj5-37jq
8
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq
reference_id GHSA-pxvg-2qj5-37jq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq
fixed_packages
0
url pkg:gem/nokogiri@1.14.3
purl pkg:gem/nokogiri@1.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yvf-h1z3-nfd7
1
vulnerability VCID-6b72-3exf-qfhs
2
vulnerability VCID-e37h-xnn4-hbcn
3
vulnerability VCID-gpcm-1wx2-guhq
4
vulnerability VCID-ktaj-j2nh-zug6
5
vulnerability VCID-m542-6h3p-gudj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.14.3
aliases GHSA-pxvg-2qj5-37jq, GMS-2023-1115
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arq2-c738-tugt
5
url VCID-e37h-xnn4-hbcn
vulnerability_id VCID-e37h-xnn4-hbcn
summary 
Nokogiri patches vendored libxml2 to resolve multiple CVEs
## Summary

Nokogiri v1.18.9 patches the vendored libxml2 to address
CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795,
and CVE-2025-49796.

## Impact and severity

### CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer
overflows in buffer size calculations can lead to a stack-based
buffer overflow. This issue can result in memory corruption or a
denial of service when processing crafted input.

NVD claims a severity of 7.5 High
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae

### CVE-2025-6170

A flaw was found in the interactive shell of the xmllint command-line
tool, used for parsing XML files. When a user inputs an overly long
command, the program does not check the input size properly, which
can cause it to crash. This issue might allow attackers to run
harmful code in rare configurations without modern protections.

NVD claims a severity of 2.5 Low
(CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/5e9ec5c1

### CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue
occurs when parsing XPath elements under certain circumstances when
the XML schematron has the <sch:name path="..."/> schema elements.
This flaw allows a malicious actor to craft a malicious XML document
used as input for libxml, resulting in the program's crash using
libxml or other possible undefined behaviors.

NVD claims a severity of 9.1 Critical
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5

### CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when
processing XPath XML expressions. This flaw allows an attacker to
craft a malicious XML input to libxml2, leading to a denial of service.

NVD claims a severity of 7.5 High
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/62048278

### CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name
elements from the input XML file can trigger a memory corruption
issue. This flaw allows an attacker to craft a malicious XML input
file that can lead libxml to crash, resulting in a denial of service
or other possible undefined behavior due to sensitive data being
corrupted in memory.

NVD claims a severity of 9.1 Critical
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5

## Affected Versions

- Nokogiri < 1.18.9 when using CRuby (MRI) with vendored libxml2

## Patched Versions

- Nokogiri >= 1.18.9

## Mitigation

Upgrade to Nokogiri v1.18.9 or later.

Users who are unable to upgrade Nokogiri may also choose a more
complicated mitigation: compile and link Nokogiri against patched
external libxml2 libraries which will also address these same issues.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/pull/3526
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/pull/3526
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49794
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49794
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49795
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49795
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49796
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49796
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6021
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6021
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6170
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6170
8
reference_url https://github.com/advisories/GHSA-353f-x4gh-cqq8
reference_id GHSA-353f-x4gh-cqq8
reference_type
scores
url https://github.com/advisories/GHSA-353f-x4gh-cqq8
fixed_packages
0
url pkg:gem/nokogiri@1.18.9
purl pkg:gem/nokogiri@1.18.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gpcm-1wx2-guhq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.9
aliases GHSA-353f-x4gh-cqq8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e37h-xnn4-hbcn
6
url VCID-gpcm-1wx2-guhq
vulnerability_id VCID-gpcm-1wx2-guhq
summary 
Nokogiri does not check the return value from xmlC14NExecute
Nokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.

JRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/advisories/GHSA-wx95-c6cv-8532
reference_id GHSA-wx95-c6cv-8532
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wx95-c6cv-8532
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
reference_id GHSA-wx95-c6cv-8532
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532
fixed_packages
0
url pkg:gem/nokogiri@1.19.1
purl pkg:gem/nokogiri@1.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gpcm-1wx2-guhq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.19.1
aliases GHSA-wx95-c6cv-8532
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gpcm-1wx2-guhq
7
url VCID-jwaq-3j9v-nbde
vulnerability_id VCID-jwaq-3j9v-nbde
summary 
Inefficient Regular Expression Complexity
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24836
reference_id
reference_type
scores
0
value 0.01827
scoring_system epss
scoring_elements 0.83216
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24836
1
reference_url http://seclists.org/fulldisclosure/2022/Dec/23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2022/Dec/23
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
4
reference_url https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
5
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
6
reference_url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
7
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
8
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
15
reference_url https://security.gentoo.org/glsa/202208-29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-29
16
reference_url https://support.apple.com/kb/HT213532
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT213532
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787
reference_id 1009787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24836
reference_id CVE-2022-24836
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24836
19
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml
reference_id CVE-2022-24836.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml
20
reference_url https://github.com/advisories/GHSA-crjr-9rc5-ghw8
reference_id GHSA-crjr-9rc5-ghw8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crjr-9rc5-ghw8
21
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
reference_id GHSA-crjr-9rc5-ghw8
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
fixed_packages
0
url pkg:gem/nokogiri@1.13.4
purl pkg:gem/nokogiri@1.13.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ks1-3a4g-eqe7
1
vulnerability VCID-4yvf-h1z3-nfd7
2
vulnerability VCID-6b72-3exf-qfhs
3
vulnerability VCID-arq2-c738-tugt
4
vulnerability VCID-e37h-xnn4-hbcn
5
vulnerability VCID-gpcm-1wx2-guhq
6
vulnerability VCID-ktaj-j2nh-zug6
7
vulnerability VCID-m542-6h3p-gudj
8
vulnerability VCID-zka7-1e8v-d3d7
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4
aliases CVE-2022-24836, GHSA-crjr-9rc5-ghw8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwaq-3j9v-nbde
8
url VCID-ktaj-j2nh-zug6
vulnerability_id VCID-ktaj-j2nh-zug6
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/sparklemotion/nokogiri/discussions/3146
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/discussions/3146
2
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970
3
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25062
reference_id CVE-2024-25062
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25062
6
reference_url https://github.com/advisories/GHSA-xc9x-jj77-9p9j
reference_id GHSA-xc9x-jj77-9p9j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xc9x-jj77-9p9j
7
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
reference_id GHSA-xc9x-jj77-9p9j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml
reference_id GHSA-xc9x-jj77-9p9j.yml
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml
fixed_packages
0
url pkg:gem/nokogiri@1.15.6
purl pkg:gem/nokogiri@1.15.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yvf-h1z3-nfd7
1
vulnerability VCID-6b72-3exf-qfhs
2
vulnerability VCID-e37h-xnn4-hbcn
3
vulnerability VCID-gpcm-1wx2-guhq
4
vulnerability VCID-m542-6h3p-gudj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.15.6
1
url pkg:gem/nokogiri@1.16.0.rc1
purl pkg:gem/nokogiri@1.16.0.rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yvf-h1z3-nfd7
1
vulnerability VCID-6b72-3exf-qfhs
2
vulnerability VCID-e37h-xnn4-hbcn
3
vulnerability VCID-gpcm-1wx2-guhq
4
vulnerability VCID-ktaj-j2nh-zug6
5
vulnerability VCID-m542-6h3p-gudj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.0.rc1
2
url pkg:gem/nokogiri@1.16.2
purl pkg:gem/nokogiri@1.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4yvf-h1z3-nfd7
1
vulnerability VCID-6b72-3exf-qfhs
2
vulnerability VCID-e37h-xnn4-hbcn
3
vulnerability VCID-gpcm-1wx2-guhq
4
vulnerability VCID-m542-6h3p-gudj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.2
aliases GHSA-xc9x-jj77-9p9j, GMS-2024-127
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ktaj-j2nh-zug6
9
url VCID-m542-6h3p-gudj
vulnerability_id VCID-m542-6h3p-gudj
summary 
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
## Summary

Nokogiri v1.18.3 upgrades its dependency libxml2 to
[v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).

libxml2 v2.13.6 addresses:

- CVE-2025-24928
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
- CVE-2024-56171
   - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

## Impact

### CVE-2025-24928

Stack-buffer overflow is possible when reporting DTD validation
errors if the input contains a long (~3kb) QName prefix.

### CVE-2024-56171

Use-after-free is possible during validation against untrusted
XML Schemas (.xsd) and, potentially, validation of untrusted documents
against trusted Schemas if they make use of `xsd:keyref` in combination
with recursively defined types that have additional identity constraints.
references
0
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml
1
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m
3
reference_url https://github.com/advisories/GHSA-vvfq-8hwr-qm4m
reference_id GHSA-vvfq-8hwr-qm4m
reference_type
scores
url https://github.com/advisories/GHSA-vvfq-8hwr-qm4m
fixed_packages
0
url pkg:gem/nokogiri@1.18.3
purl pkg:gem/nokogiri@1.18.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6b72-3exf-qfhs
1
vulnerability VCID-e37h-xnn4-hbcn
2
vulnerability VCID-gpcm-1wx2-guhq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.3
aliases GHSA-vvfq-8hwr-qm4m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m542-6h3p-gudj
10
url VCID-zka7-1e8v-d3d7
vulnerability_id VCID-zka7-1e8v-d3d7
summary Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
references
0
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
1
reference_url https://github.com/advisories/GHSA-2qc6-mcvw-92cw
reference_id GHSA-2qc6-mcvw-92cw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qc6-mcvw-92cw
2
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
reference_id GHSA-2qc6-mcvw-92cw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw
fixed_packages
0
url pkg:gem/nokogiri@1.13.9
purl pkg:gem/nokogiri@1.13.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ks1-3a4g-eqe7
1
vulnerability VCID-4yvf-h1z3-nfd7
2
vulnerability VCID-6b72-3exf-qfhs
3
vulnerability VCID-arq2-c738-tugt
4
vulnerability VCID-e37h-xnn4-hbcn
5
vulnerability VCID-gpcm-1wx2-guhq
6
vulnerability VCID-ktaj-j2nh-zug6
7
vulnerability VCID-m542-6h3p-gudj
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.9
aliases GHSA-2qc6-mcvw-92cw
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zka7-1e8v-d3d7
Fixing_vulnerabilities
0
url VCID-9psz-qfqt-e3fs
vulnerability_id VCID-9psz-qfqt-e3fs
summary 
Improper Input Validation
In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13117
reference_id
reference_type
scores
0
value 0.04376
scoring_system epss
scoring_elements 0.89144
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13117
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml
5
reference_url https://github.com/sparklemotion/nokogiri/issues/1943
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1943
6
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
7
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
9
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
11
reference_url https://oss-fuzz.com/testcase-detail/5631739747106816
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://oss-fuzz.com/testcase-detail/5631739747106816
12
reference_url https://security.netapp.com/advisory/ntap-20190806-0004
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190806-0004
13
reference_url https://security.netapp.com/advisory/ntap-20200122-0003
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200122-0003
14
reference_url https://usn.ubuntu.com/4164-1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4164-1
15
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://www.oracle.com/security-alerts/cpujan2020.html
16
reference_url http://www.openwall.com/lists/oss-security/2019/11/17/2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url http://www.openwall.com/lists/oss-security/2019/11/17/2
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321
reference_id 931321
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13117
reference_id CVE-2019-13117
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13117
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
reference_id IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
20
reference_url https://security.netapp.com/advisory/ntap-20190806-0004/
reference_id ntap-20190806-0004
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://security.netapp.com/advisory/ntap-20190806-0004/
21
reference_url https://security.netapp.com/advisory/ntap-20200122-0003/
reference_id ntap-20200122-0003
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://security.netapp.com/advisory/ntap-20200122-0003/
22
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
24
reference_url https://usn.ubuntu.com/4164-1/
reference_id USN-4164-1
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/
url https://usn.ubuntu.com/4164-1/
fixed_packages
0
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12ee-na2t-6kg5
1
vulnerability VCID-1ks1-3a4g-eqe7
2
vulnerability VCID-4yvf-h1z3-nfd7
3
vulnerability VCID-6b72-3exf-qfhs
4
vulnerability VCID-arq2-c738-tugt
5
vulnerability VCID-e37h-xnn4-hbcn
6
vulnerability VCID-gpcm-1wx2-guhq
7
vulnerability VCID-jwaq-3j9v-nbde
8
vulnerability VCID-ktaj-j2nh-zug6
9
vulnerability VCID-m542-6h3p-gudj
10
vulnerability VCID-zka7-1e8v-d3d7
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-13117, GHSA-4hm9-844j-jmxp
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9psz-qfqt-e3fs
1
url VCID-kzy6-b4n3-m7d4
vulnerability_id VCID-kzy6-b4n3-m7d4
summary 
Improper Input Validation
In `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13118
reference_id
reference_type
scores
0
value 0.01008
scoring_system epss
scoring_elements 0.77366
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13118
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
3
reference_url http://seclists.org/fulldisclosure/2019/Aug/11
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Aug/11
4
reference_url http://seclists.org/fulldisclosure/2019/Aug/13
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Aug/13
5
reference_url http://seclists.org/fulldisclosure/2019/Aug/14
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Aug/14
6
reference_url http://seclists.org/fulldisclosure/2019/Aug/15
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Aug/15
7
reference_url http://seclists.org/fulldisclosure/2019/Jul/22
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/22
8
reference_url http://seclists.org/fulldisclosure/2019/Jul/23
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/23
9
reference_url http://seclists.org/fulldisclosure/2019/Jul/24
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/24
10
reference_url http://seclists.org/fulldisclosure/2019/Jul/26
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/26
11
reference_url http://seclists.org/fulldisclosure/2019/Jul/31
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/31
12
reference_url http://seclists.org/fulldisclosure/2019/Jul/37
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/37
13
reference_url http://seclists.org/fulldisclosure/2019/Jul/38
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://seclists.org/fulldisclosure/2019/Jul/38
14
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
15
reference_url https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796
16
reference_url https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e
17
reference_url https://github.com/sparklemotion/nokogiri/issues/1943
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1943
18
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5
19
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
20
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
22
reference_url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
24
reference_url https://oss-fuzz.com/testcase-detail/5197371471822848
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://oss-fuzz.com/testcase-detail/5197371471822848
25
reference_url https://seclists.org/bugtraq/2019/Aug/21
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Aug/21
26
reference_url https://seclists.org/bugtraq/2019/Aug/22
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Aug/22
27
reference_url https://seclists.org/bugtraq/2019/Aug/23
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Aug/23
28
reference_url https://seclists.org/bugtraq/2019/Aug/25
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Aug/25
29
reference_url https://seclists.org/bugtraq/2019/Jul/35
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/35
30
reference_url https://seclists.org/bugtraq/2019/Jul/36
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/36
31
reference_url https://seclists.org/bugtraq/2019/Jul/37
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/37
32
reference_url https://seclists.org/bugtraq/2019/Jul/40
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/40
33
reference_url https://seclists.org/bugtraq/2019/Jul/41
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/41
34
reference_url https://seclists.org/bugtraq/2019/Jul/42
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://seclists.org/bugtraq/2019/Jul/42
35
reference_url https://security.netapp.com/advisory/ntap-20190806-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190806-0004
36
reference_url https://security.netapp.com/advisory/ntap-20200122-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200122-0003
37
reference_url https://support.apple.com/kb/HT210346
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210346
38
reference_url https://support.apple.com/kb/HT210348
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210348
39
reference_url https://support.apple.com/kb/HT210351
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210351
40
reference_url https://support.apple.com/kb/HT210353
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210353
41
reference_url https://support.apple.com/kb/HT210356
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210356
42
reference_url https://support.apple.com/kb/HT210357
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210357
43
reference_url https://support.apple.com/kb/HT210358
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://support.apple.com/kb/HT210358
44
reference_url https://usn.ubuntu.com/4164-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4164-1
45
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://www.oracle.com/security-alerts/cpujan2020.html
46
reference_url http://www.openwall.com/lists/oss-security/2019/11/17/2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url http://www.openwall.com/lists/oss-security/2019/11/17/2
47
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320
reference_id 931320
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320
48
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13118
reference_id CVE-2019-13118
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13118
49
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
reference_id IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
50
reference_url https://security.netapp.com/advisory/ntap-20190806-0004/
reference_id ntap-20190806-0004
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://security.netapp.com/advisory/ntap-20190806-0004/
51
reference_url https://security.netapp.com/advisory/ntap-20200122-0003/
reference_id ntap-20200122-0003
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://security.netapp.com/advisory/ntap-20200122-0003/
52
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
53
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
54
reference_url https://usn.ubuntu.com/4164-1/
reference_id USN-4164-1
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/
url https://usn.ubuntu.com/4164-1/
fixed_packages
0
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12ee-na2t-6kg5
1
vulnerability VCID-1ks1-3a4g-eqe7
2
vulnerability VCID-4yvf-h1z3-nfd7
3
vulnerability VCID-6b72-3exf-qfhs
4
vulnerability VCID-arq2-c738-tugt
5
vulnerability VCID-e37h-xnn4-hbcn
6
vulnerability VCID-gpcm-1wx2-guhq
7
vulnerability VCID-jwaq-3j9v-nbde
8
vulnerability VCID-ktaj-j2nh-zug6
9
vulnerability VCID-m542-6h3p-gudj
10
vulnerability VCID-zka7-1e8v-d3d7
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-13118, GHSA-cf46-6xxh-pc75
risk_score 2.6
exploitability 0.5
weighted_severity 5.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzy6-b4n3-m7d4
2
url VCID-qysn-w1za-83ea
vulnerability_id VCID-qysn-w1za-83ea
summary multiple issues
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html
2
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
4
reference_url https://access.redhat.com/errata/RHSA-2020:0514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://access.redhat.com/errata/RHSA-2020:0514
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18197
reference_id
reference_type
scores
0
value 0.04534
scoring_system epss
scoring_elements 0.89343
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18197
6
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
7
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
8
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml
11
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
12
reference_url https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934
13
reference_url https://github.com/sparklemotion/nokogiri/issues/1943
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1943
14
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
15
reference_url https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html
16
reference_url https://security.netapp.com/advisory/ntap-20191031-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191031-0004
17
reference_url https://security.netapp.com/advisory/ntap-20200416-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200416-0004
18
reference_url https://usn.ubuntu.com/4164-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4164-1
19
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://www.oracle.com/security-alerts/cpuapr2020.html
20
reference_url http://www.openwall.com/lists/oss-security/2019/11/17/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url http://www.openwall.com/lists/oss-security/2019/11/17/2
21
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646
reference_id 942646
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646
22
reference_url https://security.archlinux.org/ASA-202002-3
reference_id ASA-202002-3
reference_type
scores
url https://security.archlinux.org/ASA-202002-3
23
reference_url https://security.archlinux.org/AVG-1092
reference_id AVG-1092
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1092
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18197
reference_id CVE-2019-18197
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18197
25
reference_url https://security.netapp.com/advisory/ntap-20191031-0004/
reference_id ntap-20191031-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://security.netapp.com/advisory/ntap-20191031-0004/
26
reference_url https://security.netapp.com/advisory/ntap-20200416-0004/
reference_id ntap-20200416-0004
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://security.netapp.com/advisory/ntap-20200416-0004/
27
reference_url https://usn.ubuntu.com/4164-1/
reference_id USN-4164-1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/
url https://usn.ubuntu.com/4164-1/
fixed_packages
0
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12ee-na2t-6kg5
1
vulnerability VCID-1ks1-3a4g-eqe7
2
vulnerability VCID-4yvf-h1z3-nfd7
3
vulnerability VCID-6b72-3exf-qfhs
4
vulnerability VCID-arq2-c738-tugt
5
vulnerability VCID-e37h-xnn4-hbcn
6
vulnerability VCID-gpcm-1wx2-guhq
7
vulnerability VCID-jwaq-3j9v-nbde
8
vulnerability VCID-ktaj-j2nh-zug6
9
vulnerability VCID-m542-6h3p-gudj
10
vulnerability VCID-zka7-1e8v-d3d7
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-18197, GHSA-242x-7cm6-4w8j
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qysn-w1za-83ea
3
url VCID-w6ws-2kbb-bfgs
vulnerability_id VCID-w6ws-2kbb-bfgs
summary multiple issues
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5815
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29283
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5815
1
reference_url https://bugs.chromium.org/p/chromium/issues/detail?id=930663
reference_id
reference_type
scores
url https://bugs.chromium.org/p/chromium/issues/detail?id=930663
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml
3
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
4
reference_url https://github.com/sparklemotion/nokogiri/issues/2630
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/2630
5
reference_url https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b
6
reference_url https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html
7
reference_url https://security.archlinux.org/ASA-201904-12
reference_id ASA-201904-12
reference_type
scores
url https://security.archlinux.org/ASA-201904-12
8
reference_url https://security.archlinux.org/AVG-952
reference_id AVG-952
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-952
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5815
reference_id CVE-2019-5815
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5815
10
reference_url https://security.gentoo.org/glsa/201908-18
reference_id GLSA-201908-18
reference_type
scores
url https://security.gentoo.org/glsa/201908-18
11
reference_url https://usn.ubuntu.com/5575-1/
reference_id USN-5575-1
reference_type
scores
url https://usn.ubuntu.com/5575-1/
12
reference_url https://usn.ubuntu.com/5575-2/
reference_id USN-5575-2
reference_type
scores
url https://usn.ubuntu.com/5575-2/
fixed_packages
0
url pkg:gem/nokogiri@1.10.4
purl pkg:gem/nokogiri@1.10.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12ee-na2t-6kg5
1
vulnerability VCID-1ks1-3a4g-eqe7
2
vulnerability VCID-4yvf-h1z3-nfd7
3
vulnerability VCID-6b72-3exf-qfhs
4
vulnerability VCID-9psz-qfqt-e3fs
5
vulnerability VCID-arq2-c738-tugt
6
vulnerability VCID-e37h-xnn4-hbcn
7
vulnerability VCID-gpcm-1wx2-guhq
8
vulnerability VCID-jwaq-3j9v-nbde
9
vulnerability VCID-ktaj-j2nh-zug6
10
vulnerability VCID-m542-6h3p-gudj
11
vulnerability VCID-qysn-w1za-83ea
12
vulnerability VCID-zka7-1e8v-d3d7
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4
1
url pkg:gem/nokogiri@1.10.5
purl pkg:gem/nokogiri@1.10.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12ee-na2t-6kg5
1
vulnerability VCID-1ks1-3a4g-eqe7
2
vulnerability VCID-4yvf-h1z3-nfd7
3
vulnerability VCID-6b72-3exf-qfhs
4
vulnerability VCID-arq2-c738-tugt
5
vulnerability VCID-e37h-xnn4-hbcn
6
vulnerability VCID-gpcm-1wx2-guhq
7
vulnerability VCID-jwaq-3j9v-nbde
8
vulnerability VCID-ktaj-j2nh-zug6
9
vulnerability VCID-m542-6h3p-gudj
10
vulnerability VCID-zka7-1e8v-d3d7
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5
aliases CVE-2019-5815, GHSA-vmfx-gcfq-wvm2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6ws-2kbb-bfgs
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5