Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/929230?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/929230?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie", "type": "deb", "namespace": "debian", "name": "libxml2", "version": "2.9.10+dfsg-2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.9.10+dfsg-2.1", "latest_non_vulnerable_version": "2.15.2+dfsg-0.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8546?format=api", "vulnerability_id": "VCID-azzy-m5pc-qudn", "summary": "Loop with Unreachable Exit Condition ('Infinite Loop')\nparser.c in libxml2 does not prevent infinite recursion in parameter entities.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95738", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95772", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95773", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95769", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95766", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95755", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95774", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95747", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16932" }, { "reference_url": "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=759579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=759579" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1714", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1714" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/3739-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-1" }, { "reference_url": "https://usn.ubuntu.com/3739-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://usn.ubuntu.com/3739-1/" }, { "reference_url": "https://usn.ubuntu.com/usn/usn-3504-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/usn/usn-3504-1/" }, { "reference_url": "http://xmlsoft.org/news.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "http://xmlsoft.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517316", "reference_id": "1517316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517316" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613", "reference_id": "882613", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16932", "reference_id": "CVE-2017-16932", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16932" }, { "reference_url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", "reference_id": "CVE-2017-16932.HTML", "reference_type": "", "scores": [], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html" }, { "reference_url": "https://github.com/advisories/GHSA-x2fm-93ww-ggvx", "reference_id": "GHSA-x2fm-93ww-ggvx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2fm-93ww-ggvx" }, { "reference_url": "https://usn.ubuntu.com/3504-1/", "reference_id": "USN-3504-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3504-1/" }, { "reference_url": "https://usn.ubuntu.com/3504-2/", "reference_id": "USN-3504-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3504-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929230?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16932", "GHSA-x2fm-93ww-ggvx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azzy-m5pc-qudn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9630?format=api", "vulnerability_id": "VCID-bejh-22y7-kuh6", "summary": "NULL Pointer Dereference\nA NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1543", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1543" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18492", "scoring_system": "epss", "scoring_elements": "0.95218", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.18492", "scoring_system": "epss", "scoring_elements": "0.95206", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.18492", "scoring_system": "epss", "scoring_elements": "0.9522", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95464", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95468", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95469", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95454", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95461", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14404" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1785", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1785" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/issues/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/issues/10" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190719-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0002/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190719-0002/" }, { "reference_url": "https://usn.ubuntu.com/3739-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-1" }, { "reference_url": "https://usn.ubuntu.com/3739-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://usn.ubuntu.com/3739-1/" }, { "reference_url": "https://usn.ubuntu.com/3739-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", "reference_id": "CVE-2018-14404", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml", "reference_id": "CVE-2018-14404.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml" }, { "reference_url": "https://github.com/advisories/GHSA-6qvp-r6r3-9p7h", "reference_id": "GHSA-6qvp-r6r3-9p7h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6qvp-r6r3-9p7h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1190", "reference_id": "RHSA-2020:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1827", "reference_id": "RHSA-2020:1827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1827" }, { "reference_url": "https://usn.ubuntu.com/3739-2/", "reference_id": "USN-3739-2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://usn.ubuntu.com/3739-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929230?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14404", "GHSA-6qvp-r6r3-9p7h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bejh-22y7-kuh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7551?format=api", "vulnerability_id": "VCID-qtp3-a1g7-8kgw", "summary": "Improper Restriction of XML External Entity Reference\nlibxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31023", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31068", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32866", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32769", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32722", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32735", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3896", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38972", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9318" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395609", "reference_id": "1395609", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395609" }, { "reference_url": "https://github.com/lsh123/xmlsec/issues/43", "reference_id": "43", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/" } ], "url": "https://github.com/lsh123/xmlsec/issues/43" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581", "reference_id": "844581", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581" }, { "reference_url": "http://www.securityfocus.com/bid/94347", "reference_id": "94347", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/" } ], "url": "http://www.securityfocus.com/bid/94347" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9318", "reference_id": "CVE-2016-9318", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9318" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=772726", "reference_id": "show_bug.cgi?id=772726", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/" } ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=772726" }, { "reference_url": "https://usn.ubuntu.com/3739-2/", "reference_id": "USN-3739-2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/" } ], "url": "https://usn.ubuntu.com/3739-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929230?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9318" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtp3-a1g7-8kgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9765?format=api", "vulnerability_id": "VCID-t53m-6vvr-27cf", "summary": "Loop with Unreachable Exit Condition ('Infinite Loop')\nlibxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71451", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71459", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71476", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71449", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71489", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71501", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71524", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71508", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.7149", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", "reference_id": "1619875", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619875" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", "reference_id": "CVE-2018-14567", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1190", "reference_id": "RHSA-2020:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929230?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14567" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t53m-6vvr-27cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81686?format=api", "vulnerability_id": "VCID-ugyh-dycm-3bc3", "summary": "libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36075", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.3601", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36204", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36231", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36066", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36115", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36133", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.3614", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36102", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19956" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788856", "reference_id": "1788856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788856" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", "reference_id": "5a02583c7e683896d84878bd90641d8d9b0d0549", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "reference_id": "5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19956", "reference_id": "CVE-2019-19956", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19956" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "reference_id": "JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html", "reference_id": "msg00005.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", "reference_id": "msg00032.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200114-0002/", "reference_id": "ntap-20200114-0002", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20200114-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3996", "reference_id": "RHSA-2020:3996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4479", "reference_id": "RHSA-2020:4479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929230?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-19956" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugyh-dycm-3bc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8947?format=api", "vulnerability_id": "VCID-wc4g-sxyq-ubcd", "summary": "Allocation of Resources Without Limits or Throttling\nThe xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18258", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73872", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.7388", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73824", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73898", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73833", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73858", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73829", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73863", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18258" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190719-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190719-0001/" }, { "reference_url": "https://usn.ubuntu.com/3739-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-1" }, { "reference_url": "https://usn.ubuntu.com/3739-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3739-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", "reference_id": "1566749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245", "reference_id": "895245", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245" }, { "reference_url": "https://security.archlinux.org/AVG-671", "reference_id": "AVG-671", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-671" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", "reference_id": "CVE-2017-18258", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258" }, { "reference_url": "https://github.com/advisories/GHSA-882p-jqgm-f45g", "reference_id": "GHSA-882p-jqgm-f45g", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-882p-jqgm-f45g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1190", "reference_id": "RHSA-2020:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/929230?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929198?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929196?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929200?format=api", "purl": "pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/929199?format=api", "purl": "pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-18258", "GHSA-882p-jqgm-f45g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4g-sxyq-ubcd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie" }