Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/929206?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/929206?format=api", "purl": "pkg:deb/debian/libxml2@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "libxml2", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.6.6-1", "latest_non_vulnerable_version": "2.15.2+dfsg-0.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9692?format=api", "vulnerability_id": "VCID-4gyr-nwyy-qfeq", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nIt was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9597.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9597.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01251", "scoring_system": "epss", "scoring_elements": "0.79339", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01251", "scoring_system": "epss", "scoring_elements": "0.79289", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01251", "scoring_system": "epss", "scoring_elements": "0.79296", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01251", "scoring_system": "epss", "scoring_elements": "0.7932", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01251", "scoring_system": "epss", "scoring_elements": "0.79306", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01251", "scoring_system": "epss", "scoring_elements": "0.79331", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01251", "scoring_system": "epss", "scoring_elements": "0.79341", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01251", "scoring_system": "epss", "scoring_elements": "0.79365", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01251", "scoring_system": "epss", "scoring_elements": "0.79349", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9597" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/98567", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/98567" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408305", "reference_id": "1408305", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408305" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9597", "reference_id": "CVE-2016-9597", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9597" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929206?format=api", "purl": "pkg:deb/debian/libxml2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9597" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gyr-nwyy-qfeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8928?format=api", "vulnerability_id": "VCID-8pzj-mq5r-rqcq", "summary": "Loop with Unreachable Exit Condition ('Infinite Loop')\nThe xz_decomp function in xzlib.c in libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9251.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9251.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.735", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73551", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73553", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73576", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73559", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73509", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73531", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73503", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00772", "scoring_system": "epss", "scoring_elements": "0.73539", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9251" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=794914", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=794914" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565318", "reference_id": "1565318", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565318" }, { "reference_url": "https://security.archlinux.org/ASA-201810-3", "reference_id": "ASA-201810-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-3" }, { "reference_url": "https://security.archlinux.org/ASA-201810-4", "reference_id": "ASA-201810-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201810-4" }, { "reference_url": "https://security.archlinux.org/AVG-672", "reference_id": "AVG-672", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-672" }, { "reference_url": "https://security.archlinux.org/AVG-673", "reference_id": "AVG-673", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-673" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9251", "reference_id": "CVE-2018-9251", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9251" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1827", "reference_id": "RHSA-2020:1827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1827" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929206?format=api", "purl": "pkg:deb/debian/libxml2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-9251" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8pzj-mq5r-rqcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6819?format=api", "vulnerability_id": "VCID-a28u-yu15-3qa6", "summary": "Use After Free\nMultiple use-after-free vulnerabilities in libxml2 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00109.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00109.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00081.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00081.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1969.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76355", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76358", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76388", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.7637", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76402", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76417", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.76442", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.7642", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1969" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=690202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=690202" }, { "reference_url": "http://secunia.com/advisories/53061", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/53061" }, { "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/04/17/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/04/17/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/04/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/04/19/1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1817-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1817-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=953722", "reference_id": "953722", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=953722" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxml2:2.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1969", "reference_id": "CVE-2013-1969", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1969" }, { "reference_url": "https://security.gentoo.org/glsa/201311-06", "reference_id": "GLSA-201311-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-06" }, { "reference_url": "https://security.gentoo.org/glsa/201412-11", "reference_id": "GLSA-201412-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-11" }, { "reference_url": "https://usn.ubuntu.com/1817-1/", "reference_id": "USN-1817-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1817-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929206?format=api", "purl": "pkg:deb/debian/libxml2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1969" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a28u-yu15-3qa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9767?format=api", "vulnerability_id": "VCID-b828-btkm-tufv", "summary": "Uncontrolled Resource Consumption\nlibxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9596.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9596.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9596", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71349", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71357", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71375", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.7139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71403", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71426", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71411", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9596" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9596", "reference_id": "CVE-2016-9596", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9596" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929206?format=api", "purl": "pkg:deb/debian/libxml2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9596" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b828-btkm-tufv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72598?format=api", "vulnerability_id": "VCID-bmv8-f7rb-43dc", "summary": "libxml2: XXE vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40896.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40896.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68051", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68009", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.6806", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68075", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68099", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68085", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68012", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00553", "scoring_system": "epss", "scoring_elements": "0.68031", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40896" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6", "reference_id": "1a8932303969907f6572b1b6aac4081c56adb5c6", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-24T02:10:22Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333871", "reference_id": "2333871", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333871" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/761", "reference_id": "761", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-24T02:10:22Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/761" }, { "reference_url": "https://usn.ubuntu.com/7215-1/", "reference_id": "USN-7215-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7215-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929206?format=api", "purl": "pkg:deb/debian/libxml2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-40896" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmv8-f7rb-43dc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68081?format=api", "vulnerability_id": "VCID-drf1-ktzv-a3dk", "summary": "libxml2: Libxml2 out of bounds read", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26434.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26434.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26434", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00369", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00371", "published_at": "2026-04-12T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0038", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00377", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26434" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393475", "reference_id": "2393475", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393475" }, { "reference_url": "https://source.android.com/security/bulletin/android-16", "reference_id": "android-16", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T16:44:27Z/" } ], "url": "https://source.android.com/security/bulletin/android-16" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929206?format=api", "purl": "pkg:deb/debian/libxml2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-26434" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drf1-ktzv-a3dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69451?format=api", "vulnerability_id": "VCID-eqva-5dwq-d7cw", "summary": "libxml: Null pointer dereference leads to Denial of service (DoS)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36079", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36109", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35945", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35994", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36017", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.36024", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68122", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68089", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49795" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372379", "reference_id": "2372379", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:30:23Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372379" }, { "reference_url": "https://security.archlinux.org/AVG-2898", "reference_id": "AVG-2898", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2898" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1", "reference_id": "cpe:/a:redhat:jboss_core_services:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-49795", "reference_id": "CVE-2025-49795", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:30:23Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-49795" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10630", "reference_id": "RHSA-2025:10630", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:30:23Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:10630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19020", "reference_id": "RHSA-2025:19020", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:30:23Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19020" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929206?format=api", "purl": "pkg:deb/debian/libxml2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-49795" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eqva-5dwq-d7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9766?format=api", "vulnerability_id": "VCID-gc1r-nauj-1fge", "summary": "Out-of-bounds Read\nlibxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2486", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2486" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9598.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9598.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9598", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71349", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71357", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71375", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.7139", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71403", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71426", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71411", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00673", "scoring_system": "epss", "scoring_elements": "0.71393", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9598" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9598", "reference_id": "CVE-2016-9598", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929206?format=api", "purl": "pkg:deb/debian/libxml2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9598" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gc1r-nauj-1fge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50173?format=api", "vulnerability_id": "VCID-rbdy-dm61-jkdw", "summary": "Multiple vulnerabilities in libxml2 might lead to execution of arbitrary\n code or Denial of Service.", "references": [ { "reference_url": "http://bugzilla.gnome.org/show_bug.cgi?id=554660", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=554660" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2008/10/02/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2008/10/02/4" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4409.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4409.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11297", "scoring_system": "epss", "scoring_elements": "0.93526", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11297", "scoring_system": "epss", "scoring_elements": "0.93494", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11297", "scoring_system": "epss", "scoring_elements": "0.93503", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11297", "scoring_system": "epss", "scoring_elements": "0.9351", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11297", "scoring_system": "epss", "scoring_elements": "0.93518", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11297", "scoring_system": "epss", "scoring_elements": "0.93521", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11297", "scoring_system": "epss", "scoring_elements": "0.93527", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4409" }, { "reference_url": "http://secunia.com/advisories/32130", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32130" }, { "reference_url": "http://secunia.com/advisories/32175", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32175" }, { "reference_url": "http://secunia.com/advisories/32974", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/32974" }, { "reference_url": "http://secunia.com/advisories/35379", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/35379" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200812-06.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200812-06.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45633" }, { "reference_url": "http://support.apple.com/kb/HT3613", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT3613" }, { "reference_url": "http://support.apple.com/kb/HT3639", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT3639" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00125.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00125.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00130.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00130.html" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:212", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:212" }, { "reference_url": "http://www.securityfocus.com/bid/31555", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/31555" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/1522", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/1522" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/1621", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/1621" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=465756", "reference_id": "465756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=465756" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4409", "reference_id": "CVE-2008-4409", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4409" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/32454.xml", "reference_id": "CVE-2008-4409;OSVDB-48754", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/32454.xml" }, { "reference_url": "https://www.securityfocus.com/bid/31555/info", "reference_id": "CVE-2008-4409;OSVDB-48754", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/31555/info" }, { "reference_url": "https://security.gentoo.org/glsa/200812-06", "reference_id": "GLSA-200812-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200812-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929206?format=api", "purl": "pkg:deb/debian/libxml2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-4409" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rbdy-dm61-jkdw" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie" }