Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
Type deb
Namespace debian
Name ruby-nokogiri
Version 1.18.2+dfsg-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.19.1+dfsg-1
Latest_non_vulnerable_version 1.19.1+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-64c1-dzhs-u3gj
vulnerability_id VCID-64c1-dzhs-u3gj
summary
Nokogiri has a vulnerability allowing arbitrary execution of code if a certain function is used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-5477
reference_id
reference_type
scores
0
value 0.06079
scoring_system epss
scoring_elements 0.90714
published_at 2026-04-01T12:55:00Z
1
value 0.06079
scoring_system epss
scoring_elements 0.90779
published_at 2026-04-18T12:55:00Z
2
value 0.06079
scoring_system epss
scoring_elements 0.90782
published_at 2026-04-16T12:55:00Z
3
value 0.06079
scoring_system epss
scoring_elements 0.90763
published_at 2026-04-13T12:55:00Z
4
value 0.06079
scoring_system epss
scoring_elements 0.90765
published_at 2026-04-12T12:55:00Z
5
value 0.06079
scoring_system epss
scoring_elements 0.90766
published_at 2026-04-11T12:55:00Z
6
value 0.06079
scoring_system epss
scoring_elements 0.90758
published_at 2026-04-09T12:55:00Z
7
value 0.06079
scoring_system epss
scoring_elements 0.90751
published_at 2026-04-08T12:55:00Z
8
value 0.06079
scoring_system epss
scoring_elements 0.90741
published_at 2026-04-07T12:55:00Z
9
value 0.06079
scoring_system epss
scoring_elements 0.9073
published_at 2026-04-04T12:55:00Z
10
value 0.06079
scoring_system epss
scoring_elements 0.9072
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-5477
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5477
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml
5
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
6
reference_url https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc
7
reference_url https://github.com/sparklemotion/nokogiri/issues/1915
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1915
8
reference_url https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc
9
reference_url https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
10
reference_url https://hackerone.com/reports/650835
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/650835
11
reference_url https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html
12
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
13
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-5477
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-5477
15
reference_url https://usn.ubuntu.com/4175-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4175-1
16
reference_url https://usn.ubuntu.com/4175-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4175-1/
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802
reference_id 934802
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905
reference_id 940905
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905
19
reference_url https://github.com/advisories/GHSA-cr5j-953j-xw5p
reference_id GHSA-cr5j-953j-xw5p
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr5j-953j-xw5p
20
reference_url https://security.gentoo.org/glsa/202006-05
reference_id GLSA-202006-05
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202006-05
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@1.10.4%2Bdfsg1-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.10.4%2Bdfsg1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.10.4%252Bdfsg1-1%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2019-5477, GHSA-cr5j-953j-xw5p
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64c1-dzhs-u3gj
1
url VCID-8geh-vfns-pfgs
vulnerability_id VCID-8geh-vfns-pfgs
summary
Improper Restriction of XML External Entity Reference
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parser, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41098
reference_id
reference_type
scores
0
value 0.00564
scoring_system epss
scoring_elements 0.68463
published_at 2026-04-18T12:55:00Z
1
value 0.00564
scoring_system epss
scoring_elements 0.68449
published_at 2026-04-16T12:55:00Z
2
value 0.00564
scoring_system epss
scoring_elements 0.68411
published_at 2026-04-13T12:55:00Z
3
value 0.00564
scoring_system epss
scoring_elements 0.68444
published_at 2026-04-12T12:55:00Z
4
value 0.00564
scoring_system epss
scoring_elements 0.68456
published_at 2026-04-11T12:55:00Z
5
value 0.00564
scoring_system epss
scoring_elements 0.6843
published_at 2026-04-09T12:55:00Z
6
value 0.00564
scoring_system epss
scoring_elements 0.68413
published_at 2026-04-08T12:55:00Z
7
value 0.00564
scoring_system epss
scoring_elements 0.68362
published_at 2026-04-07T12:55:00Z
8
value 0.00565
scoring_system epss
scoring_elements 0.68359
published_at 2026-04-01T12:55:00Z
9
value 0.00565
scoring_system epss
scoring_elements 0.68379
published_at 2026-04-02T12:55:00Z
10
value 0.00565
scoring_system epss
scoring_elements 0.68398
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41098
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml
3
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
4
reference_url https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d
5
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2008914
reference_id 2008914
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2008914
7
reference_url https://security.archlinux.org/AVG-2424
reference_id AVG-2424
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2424
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41098
reference_id CVE-2021-41098
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41098
9
reference_url https://github.com/advisories/GHSA-2rr5-8q37-2w7h
reference_id GHSA-2rr5-8q37-2w7h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rr5-8q37-2w7h
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2021-41098, GHSA-2rr5-8q37-2w7h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8geh-vfns-pfgs
2
url VCID-8zyc-vw5k-wqaw
vulnerability_id VCID-8zyc-vw5k-wqaw
summary
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow
### Withdrawn Advisory

This advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references.

### Original Description

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6494
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07325
published_at 2026-04-04T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07418
published_at 2026-04-13T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07429
published_at 2026-04-12T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07442
published_at 2026-04-11T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07456
published_at 2026-04-09T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07432
published_at 2026-04-08T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07307
published_at 2026-04-07T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07284
published_at 2026-04-02T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07346
published_at 2026-04-16T12:55:00Z
9
value 0.00071
scoring_system epss
scoring_elements 0.21675
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6494
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
3
reference_url https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a
4
reference_url https://github.com/sparklemotion/nokogiri/issues/3508
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://github.com/sparklemotion/nokogiri/issues/3508
5
reference_url https://github.com/sparklemotion/nokogiri/pull/3524
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://github.com/sparklemotion/nokogiri/pull/3524
6
reference_url https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6494
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6494
8
reference_url https://vuldb.com/?ctiid.313611
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://vuldb.com/?ctiid.313611
9
reference_url https://vuldb.com/?id.313611
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://vuldb.com/?id.313611
10
reference_url https://vuldb.com/?submit.601006
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://vuldb.com/?submit.601006
11
reference_url https://github.com/advisories/GHSA-jc9r-qcgw-fxq9
reference_id GHSA-jc9r-qcgw-fxq9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jc9r-qcgw-fxq9
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2025-6494, GHSA-jc9r-qcgw-fxq9
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zyc-vw5k-wqaw
3
url VCID-9wgc-swf9-z7hq
vulnerability_id VCID-9wgc-swf9-z7hq
summary
Inefficient Regular Expression Complexity
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24836
reference_id
reference_type
scores
0
value 0.0134
scoring_system epss
scoring_elements 0.80038
published_at 2026-04-18T12:55:00Z
1
value 0.0134
scoring_system epss
scoring_elements 0.80039
published_at 2026-04-16T12:55:00Z
2
value 0.0134
scoring_system epss
scoring_elements 0.8001
published_at 2026-04-13T12:55:00Z
3
value 0.0134
scoring_system epss
scoring_elements 0.80018
published_at 2026-04-12T12:55:00Z
4
value 0.0134
scoring_system epss
scoring_elements 0.80035
published_at 2026-04-11T12:55:00Z
5
value 0.0134
scoring_system epss
scoring_elements 0.79978
published_at 2026-04-07T12:55:00Z
6
value 0.0134
scoring_system epss
scoring_elements 0.80006
published_at 2026-04-08T12:55:00Z
7
value 0.0134
scoring_system epss
scoring_elements 0.80015
published_at 2026-04-09T12:55:00Z
8
value 0.01377
scoring_system epss
scoring_elements 0.80208
published_at 2026-04-02T12:55:00Z
9
value 0.01377
scoring_system epss
scoring_elements 0.80228
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24836
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836
3
reference_url http://seclists.org/fulldisclosure/2022/Dec/23
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2022/Dec/23
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd
8
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
9
reference_url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer
10
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html
11
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/
18
reference_url https://security.gentoo.org/glsa/202208-29
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-29
19
reference_url https://support.apple.com/kb/HT213532
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT213532
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787
reference_id 1009787
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2074346
reference_id 2074346
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2074346
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24836
reference_id CVE-2022-24836
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24836
23
reference_url https://github.com/advisories/GHSA-crjr-9rc5-ghw8
reference_id GHSA-crjr-9rc5-ghw8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crjr-9rc5-ghw8
24
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
reference_id GHSA-crjr-9rc5-ghw8
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8
25
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.5%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.5%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2022-24836, GHSA-crjr-9rc5-ghw8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wgc-swf9-z7hq
4
url VCID-eru7-uy2t-d3ef
vulnerability_id VCID-eru7-uy2t-d3ef
summary A vulnerability has been discovered in Nokogiri, which can lead to a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23476
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.4538
published_at 2026-04-09T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45324
published_at 2026-04-07T12:55:00Z
2
value 0.00232
scoring_system epss
scoring_elements 0.46063
published_at 2026-04-02T12:55:00Z
3
value 0.00232
scoring_system epss
scoring_elements 0.46084
published_at 2026-04-04T12:55:00Z
4
value 0.00241
scoring_system epss
scoring_elements 0.47337
published_at 2026-04-12T12:55:00Z
5
value 0.00241
scoring_system epss
scoring_elements 0.47363
published_at 2026-04-11T12:55:00Z
6
value 0.00241
scoring_system epss
scoring_elements 0.47402
published_at 2026-04-16T12:55:00Z
7
value 0.00241
scoring_system epss
scoring_elements 0.47395
published_at 2026-04-18T12:55:00Z
8
value 0.00241
scoring_system epss
scoring_elements 0.47344
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23476
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml
3
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
4
reference_url https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/
url https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
5
reference_url https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/
url https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
6
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23476
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23476
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153279
reference_id 2153279
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2153279
9
reference_url https://github.com/advisories/GHSA-qv4q-mr5r-qprj
reference_id GHSA-qv4q-mr5r-qprj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qv4q-mr5r-qprj
10
reference_url https://security.gentoo.org/glsa/202408-13
reference_id GLSA-202408-13
reference_type
scores
url https://security.gentoo.org/glsa/202408-13
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2022-23476, GHSA-qv4q-mr5r-qprj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eru7-uy2t-d3ef
5
url VCID-gxbt-wyyf-1yg8
vulnerability_id VCID-gxbt-wyyf-1yg8
summary
Nokogiri vulnerable to DoS while parsing XML entities
Nokogiri gem 1.5.x and 1.6.x are vulnerable to DoS while parsing XML entities because they fail to apply limits
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6461.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6461.json
1
reference_url https://access.redhat.com/security/cve/cve-2013-6461
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2013-6461
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6461
reference_id
reference_type
scores
0
value 0.02046
scoring_system epss
scoring_elements 0.83882
published_at 2026-04-16T12:55:00Z
1
value 0.02046
scoring_system epss
scoring_elements 0.83797
published_at 2026-04-02T12:55:00Z
2
value 0.02046
scoring_system epss
scoring_elements 0.83883
published_at 2026-04-18T12:55:00Z
3
value 0.02046
scoring_system epss
scoring_elements 0.83849
published_at 2026-04-13T12:55:00Z
4
value 0.02046
scoring_system epss
scoring_elements 0.83854
published_at 2026-04-12T12:55:00Z
5
value 0.02046
scoring_system epss
scoring_elements 0.8386
published_at 2026-04-11T12:55:00Z
6
value 0.02046
scoring_system epss
scoring_elements 0.83843
published_at 2026-04-09T12:55:00Z
7
value 0.02046
scoring_system epss
scoring_elements 0.83837
published_at 2026-04-08T12:55:00Z
8
value 0.02046
scoring_system epss
scoring_elements 0.83813
published_at 2026-04-07T12:55:00Z
9
value 0.02046
scoring_system epss
scoring_elements 0.83812
published_at 2026-04-04T12:55:00Z
10
value 0.02046
scoring_system epss
scoring_elements 0.83784
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6461
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/90059
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/90059
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6461
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6461
9
reference_url https://security-tracker.debian.org/tracker/CVE-2013-6461
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2013-6461
10
reference_url https://web.archive.org/web/20200804224345/https://www.securityfocus.com/bid/64513
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200804224345/https://www.securityfocus.com/bid/64513
11
reference_url http://www.openwall.com/lists/oss-security/2013/12/27/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/27/2
12
reference_url http://www.securityfocus.com/bid/64513
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64513
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1046664
reference_id 1046664
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1046664
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
24
reference_url https://github.com/advisories/GHSA-jmhh-w7xp-wg39
reference_id GHSA-jmhh-w7xp-wg39
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmhh-w7xp-wg39
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-6461, GHSA-jmhh-w7xp-wg39, OSV-101458
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxbt-wyyf-1yg8
6
url VCID-qj6u-xryx-s3ev
vulnerability_id VCID-qj6u-xryx-s3ev
summary
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
### Withdrawn Advisory

This advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references.

### Original Description

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6490
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07429
published_at 2026-04-12T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07284
published_at 2026-04-02T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07346
published_at 2026-04-16T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07325
published_at 2026-04-04T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07307
published_at 2026-04-07T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07432
published_at 2026-04-08T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07456
published_at 2026-04-09T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07442
published_at 2026-04-11T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07418
published_at 2026-04-13T12:55:00Z
9
value 0.00071
scoring_system epss
scoring_elements 0.21675
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6490
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
3
reference_url https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a
4
reference_url https://github.com/sparklemotion/nokogiri/issues/3500
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://github.com/sparklemotion/nokogiri/issues/3500
5
reference_url https://github.com/sparklemotion/nokogiri/pull/3524
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://github.com/sparklemotion/nokogiri/pull/3524
6
reference_url https://github.com/user-attachments/files/19625432/nokogiri_crash.txt
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://github.com/user-attachments/files/19625432/nokogiri_crash.txt
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6490
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6490
8
reference_url https://vuldb.com/?ctiid.313601
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://vuldb.com/?ctiid.313601
9
reference_url https://vuldb.com/?id.313601
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://vuldb.com/?id.313601
10
reference_url https://vuldb.com/?submit.601005
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://vuldb.com/?submit.601005
11
reference_url https://github.com/advisories/GHSA-pf9w-gvcf-gv7m
reference_id GHSA-pf9w-gvcf-gv7m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pf9w-gvcf-gv7m
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2025-6490, GHSA-pf9w-gvcf-gv7m
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qj6u-xryx-s3ev
7
url VCID-snr1-kaug-43aa
vulnerability_id VCID-snr1-kaug-43aa
summary Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29181
reference_id
reference_type
scores
0
value 0.04183
scoring_system epss
scoring_elements 0.88721
published_at 2026-04-18T12:55:00Z
1
value 0.04183
scoring_system epss
scoring_elements 0.88724
published_at 2026-04-16T12:55:00Z
2
value 0.04183
scoring_system epss
scoring_elements 0.8871
published_at 2026-04-13T12:55:00Z
3
value 0.04183
scoring_system epss
scoring_elements 0.88717
published_at 2026-04-11T12:55:00Z
4
value 0.04183
scoring_system epss
scoring_elements 0.88705
published_at 2026-04-09T12:55:00Z
5
value 0.04183
scoring_system epss
scoring_elements 0.88699
published_at 2026-04-08T12:55:00Z
6
value 0.04183
scoring_system epss
scoring_elements 0.88682
published_at 2026-04-07T12:55:00Z
7
value 0.04293
scoring_system epss
scoring_elements 0.88819
published_at 2026-04-02T12:55:00Z
8
value 0.04293
scoring_system epss
scoring_elements 0.88835
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29181
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181
3
reference_url http://seclists.org/fulldisclosure/2022/Dec/23
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2022/Dec/23
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/
url https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
8
reference_url https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/
url https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
9
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
10
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29181
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29181
12
reference_url https://security.gentoo.org/glsa/202208-29
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-29
13
reference_url https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/
url https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
14
reference_url https://support.apple.com/kb/HT213532
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT213532
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2088684
reference_id 2088684
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2088684
16
reference_url https://github.com/advisories/GHSA-xh29-r2w5-wx8m
reference_id GHSA-xh29-r2w5-wx8m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh29-r2w5-wx8m
17
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
18
reference_url https://usn.ubuntu.com/7659-1/
reference_id USN-7659-1
reference_type
scores
url https://usn.ubuntu.com/7659-1/
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@1.13.7%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.7%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.7%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2022-29181, GHSA-xh29-r2w5-wx8m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snr1-kaug-43aa
8
url VCID-vhyk-9tbb-quc3
vulnerability_id VCID-vhyk-9tbb-quc3
summary
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability

### Severity

Nokogiri maintainers have evaluated this as [__Low Severity__ (CVSS3 2.6)](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N).


### Description

In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by `Nokogiri::XML::Schema` are **trusted** by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks.

This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as **untrusted** by default whenever possible.

Please note that this security fix was pushed into a new minor version, 1.11.x, rather than a patch release to the 1.10.x branch, because it is a breaking change for some schemas and the risk was assessed to be "Low Severity".


### Affected Versions

Nokogiri `<= 1.10.10` as well as prereleases `1.11.0.rc1`, `1.11.0.rc2`, and `1.11.0.rc3`


### Mitigation

There are no known workarounds for affected versions. Upgrade to Nokogiri `1.11.0.rc4` or later.

If, after upgrading to `1.11.0.rc4` or later, you wish to re-enable network access for resolution of external resources (i.e., return to the previous behavior):

1. Ensure the input is trusted. Do not enable this option for untrusted input.
2. When invoking the `Nokogiri::XML::Schema` constructor, pass as the second parameter an instance of `Nokogiri::XML::ParseOptions` with the `NONET` flag turned off.

So if your previous code was:

``` ruby
# in v1.11.0.rc3 and earlier, this call allows resources to be accessed over the network
# but in v1.11.0.rc4 and later, this call will disallow network access for external resources
schema = Nokogiri::XML::Schema.new(schema)

# in v1.11.0.rc4 and later, the following is equivalent to the code above
# (the second parameter is optional, and this demonstrates its default value)
schema = Nokogiri::XML::Schema.new(schema, Nokogiri::XML::ParseOptions::DEFAULT_SCHEMA)
```

Then you can add the second parameter to indicate that the input is trusted by changing it to:

``` ruby
# in v1.11.0.rc3 and earlier, this would raise an ArgumentError
# but in v1.11.0.rc4 and later, this allows resources to be accessed over the network
schema = Nokogiri::XML::Schema.new(trusted_schema, Nokogiri::XML::ParseOptions.new.nononet)
```


### References

- [This issue's public advisory](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m)
- [Original Hackerone report (private)](https://hackerone.com/reports/747489)
- [OWASP description of XXE attack](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing)
- [OWASP description of SSRF attack](https://www.owasp.org/index.php/Server_Side_Request_Forgery)


### Credit

This vulnerability was independently reported by @eric-therond and @gucki.

The Nokogiri maintainers would like to thank [HackerOne](https://hackerone.com/nokogiri) for providing a secure, responsible mechanism for reporting, and for providing their fantastic service to us.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26247
reference_id
reference_type
scores
0
value 0.00717
scoring_system epss
scoring_elements 0.72475
published_at 2026-04-18T12:55:00Z
1
value 0.00717
scoring_system epss
scoring_elements 0.72466
published_at 2026-04-16T12:55:00Z
2
value 0.00717
scoring_system epss
scoring_elements 0.72425
published_at 2026-04-13T12:55:00Z
3
value 0.00717
scoring_system epss
scoring_elements 0.72434
published_at 2026-04-12T12:55:00Z
4
value 0.00717
scoring_system epss
scoring_elements 0.72451
published_at 2026-04-11T12:55:00Z
5
value 0.00717
scoring_system epss
scoring_elements 0.72428
published_at 2026-04-09T12:55:00Z
6
value 0.00717
scoring_system epss
scoring_elements 0.72416
published_at 2026-04-08T12:55:00Z
7
value 0.00717
scoring_system epss
scoring_elements 0.72377
published_at 2026-04-07T12:55:00Z
8
value 0.00717
scoring_system epss
scoring_elements 0.72376
published_at 2026-04-01T12:55:00Z
9
value 0.00717
scoring_system epss
scoring_elements 0.72399
published_at 2026-04-04T12:55:00Z
10
value 0.00717
scoring_system epss
scoring_elements 0.72381
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26247
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26247
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml
5
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
6
reference_url https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03
7
reference_url https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b
8
reference_url https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4
9
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
10
reference_url https://hackerone.com/reports/747489
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/747489
11
reference_url https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html
12
reference_url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26247
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26247
14
reference_url https://rubygems.org/gems/nokogiri
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/nokogiri
15
reference_url https://security.gentoo.org/glsa/202208-29
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-29
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1912487
reference_id 1912487
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1912487
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967
reference_id 978967
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967
18
reference_url https://github.com/advisories/GHSA-vr8q-g5c7-m54m
reference_id GHSA-vr8q-g5c7-m54m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vr8q-g5c7-m54m
19
reference_url https://access.redhat.com/errata/RHSA-2021:4702
reference_id RHSA-2021:4702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4702
20
reference_url https://access.redhat.com/errata/RHSA-2021:5191
reference_id RHSA-2021:5191
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5191
21
reference_url https://usn.ubuntu.com/7659-1/
reference_id USN-7659-1
reference_type
scores
url https://usn.ubuntu.com/7659-1/
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2020-26247, GHSA-vr8q-g5c7-m54m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhyk-9tbb-quc3
9
url VCID-xvhw-5776-s3fr
vulnerability_id VCID-xvhw-5776-s3fr
summary
Nokogiri vulnerable to DoS while parsing XML documents
Nokogiri gem has Denial of Service via infinite loop when parsing XML documents
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6460.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6460.json
1
reference_url https://access.redhat.com/security/cve/cve-2013-6460
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2013-6460
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6460
reference_id
reference_type
scores
0
value 0.02521
scoring_system epss
scoring_elements 0.8544
published_at 2026-04-16T12:55:00Z
1
value 0.02521
scoring_system epss
scoring_elements 0.85416
published_at 2026-04-13T12:55:00Z
2
value 0.02521
scoring_system epss
scoring_elements 0.8542
published_at 2026-04-12T12:55:00Z
3
value 0.02521
scoring_system epss
scoring_elements 0.85355
published_at 2026-04-02T12:55:00Z
4
value 0.02521
scoring_system epss
scoring_elements 0.85444
published_at 2026-04-18T12:55:00Z
5
value 0.02521
scoring_system epss
scoring_elements 0.85421
published_at 2026-04-11T12:55:00Z
6
value 0.02521
scoring_system epss
scoring_elements 0.85407
published_at 2026-04-09T12:55:00Z
7
value 0.02521
scoring_system epss
scoring_elements 0.85398
published_at 2026-04-08T12:55:00Z
8
value 0.02521
scoring_system epss
scoring_elements 0.85376
published_at 2026-04-07T12:55:00Z
9
value 0.02521
scoring_system epss
scoring_elements 0.85374
published_at 2026-04-04T12:55:00Z
10
value 0.02521
scoring_system epss
scoring_elements 0.85343
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6460
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460
4
reference_url https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/90058
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/90058
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml
7
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
8
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6460
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6460
10
reference_url https://security-tracker.debian.org/tracker/CVE-2013-6460
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2013-6460
11
reference_url https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513
12
reference_url https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513/
reference_id
reference_type
scores
url https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513/
13
reference_url http://www.openwall.com/lists/oss-security/2013/12/27/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/27/2
14
reference_url http://www.securityfocus.com/bid/64513
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64513
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1046663
reference_id 1046663
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1046663
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
26
reference_url https://github.com/advisories/GHSA-62qp-3fxm-9wxf
reference_id GHSA-62qp-3fxm-9wxf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62qp-3fxm-9wxf
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-6460, GHSA-62qp-3fxm-9wxf, OSV-101179
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvhw-5776-s3fr
10
url VCID-zrsc-vqxk-vkgx
vulnerability_id VCID-zrsc-vqxk-vkgx
summary
Nokogiri is vulnerable to XML External Entity (XXE) attack
Nokogiri before 1.5.4 is vulnerable to XXE attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6685.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6685.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-6685
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.5533
published_at 2026-04-02T12:55:00Z
1
value 0.00323
scoring_system epss
scoring_elements 0.55393
published_at 2026-04-16T12:55:00Z
2
value 0.00323
scoring_system epss
scoring_elements 0.55357
published_at 2026-04-13T12:55:00Z
3
value 0.00323
scoring_system epss
scoring_elements 0.55376
published_at 2026-04-12T12:55:00Z
4
value 0.00323
scoring_system epss
scoring_elements 0.55397
published_at 2026-04-18T12:55:00Z
5
value 0.00323
scoring_system epss
scoring_elements 0.55387
published_at 2026-04-09T12:55:00Z
6
value 0.00323
scoring_system epss
scoring_elements 0.55336
published_at 2026-04-07T12:55:00Z
7
value 0.00323
scoring_system epss
scoring_elements 0.55355
published_at 2026-04-04T12:55:00Z
8
value 0.00323
scoring_system epss
scoring_elements 0.55232
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-6685
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1178970
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1178970
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6685
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6685
4
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
5
reference_url https://github.com/sparklemotion/nokogiri/commit/599856367150709497a3a03bee930bd76504d95d
reference_id
reference_type
scores
url https://github.com/sparklemotion/nokogiri/commit/599856367150709497a3a03bee930bd76504d95d
6
reference_url https://github.com/sparklemotion/nokogiri/issues/693
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/693
7
reference_url https://nokogiri.org/CHANGELOG.html#154-2012-06-12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nokogiri.org/CHANGELOG.html#154-2012-06-12
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6685
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-6685
9
reference_url https://github.com/advisories/GHSA-6wj9-77wq-jq7p
reference_id GHSA-6wj9-77wq-jq7p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6wj9-77wq-jq7p
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@1.5.4-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.5.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.5.4-1%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2012-6685, GHSA-6wj9-77wq-jq7p, OSV-90946
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zrsc-vqxk-vkgx
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie