Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/ruby-nokogiri@0?distro=trixie
Typedeb
Namespacedebian
Nameruby-nokogiri
Version0
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.5.4-1
Latest_non_vulnerable_version1.19.1+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8geh-vfns-pfgs
vulnerability_id VCID-8geh-vfns-pfgs
summary 
Improper Restriction of XML External Entity Reference
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41098
reference_id
reference_type
scores
0
value 0.00564
scoring_system epss
scoring_elements 0.68441
published_at 2026-04-21T12:55:00Z
1
value 0.00564
scoring_system epss
scoring_elements 0.68463
published_at 2026-04-18T12:55:00Z
2
value 0.00564
scoring_system epss
scoring_elements 0.68449
published_at 2026-04-16T12:55:00Z
3
value 0.00564
scoring_system epss
scoring_elements 0.68411
published_at 2026-04-13T12:55:00Z
4
value 0.00564
scoring_system epss
scoring_elements 0.68444
published_at 2026-04-12T12:55:00Z
5
value 0.00564
scoring_system epss
scoring_elements 0.68456
published_at 2026-04-11T12:55:00Z
6
value 0.00564
scoring_system epss
scoring_elements 0.68362
published_at 2026-04-07T12:55:00Z
7
value 0.00564
scoring_system epss
scoring_elements 0.68413
published_at 2026-04-08T12:55:00Z
8
value 0.00564
scoring_system epss
scoring_elements 0.6843
published_at 2026-04-09T12:55:00Z
9
value 0.00565
scoring_system epss
scoring_elements 0.68398
published_at 2026-04-04T12:55:00Z
10
value 0.00565
scoring_system epss
scoring_elements 0.68359
published_at 2026-04-01T12:55:00Z
11
value 0.00565
scoring_system epss
scoring_elements 0.68379
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41098
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml
3
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
4
reference_url https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d
5
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2008914
reference_id 2008914
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2008914
7
reference_url https://security.archlinux.org/AVG-2424
reference_id AVG-2424
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2424
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41098
reference_id CVE-2021-41098
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41098
9
reference_url https://github.com/advisories/GHSA-2rr5-8q37-2w7h
reference_id GHSA-2rr5-8q37-2w7h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rr5-8q37-2w7h
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2021-41098, GHSA-2rr5-8q37-2w7h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8geh-vfns-pfgs
1
url VCID-8zyc-vw5k-wqaw
vulnerability_id VCID-8zyc-vw5k-wqaw
summary 
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow
### Withdrawn Advisory

This advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references.

### Original Description

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6494
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07307
published_at 2026-04-07T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07456
published_at 2026-04-09T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07432
published_at 2026-04-08T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07325
published_at 2026-04-04T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07284
published_at 2026-04-02T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07346
published_at 2026-04-16T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07418
published_at 2026-04-13T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07429
published_at 2026-04-12T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07442
published_at 2026-04-11T12:55:00Z
9
value 0.00071
scoring_system epss
scoring_elements 0.21675
published_at 2026-04-18T12:55:00Z
10
value 0.00071
scoring_system epss
scoring_elements 0.21644
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6494
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
3
reference_url https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a
4
reference_url https://github.com/sparklemotion/nokogiri/issues/3508
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://github.com/sparklemotion/nokogiri/issues/3508
5
reference_url https://github.com/sparklemotion/nokogiri/pull/3524
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://github.com/sparklemotion/nokogiri/pull/3524
6
reference_url https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6494
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6494
8
reference_url https://vuldb.com/?ctiid.313611
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://vuldb.com/?ctiid.313611
9
reference_url https://vuldb.com/?id.313611
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://vuldb.com/?id.313611
10
reference_url https://vuldb.com/?submit.601006
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/
url https://vuldb.com/?submit.601006
11
reference_url https://github.com/advisories/GHSA-jc9r-qcgw-fxq9
reference_id GHSA-jc9r-qcgw-fxq9
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jc9r-qcgw-fxq9
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2025-6494, GHSA-jc9r-qcgw-fxq9
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zyc-vw5k-wqaw
2
url VCID-eru7-uy2t-d3ef
vulnerability_id VCID-eru7-uy2t-d3ef
summary A vulnerability has been discovered in Nokogiri, which can lead to a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23476
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.4538
published_at 2026-04-09T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45324
published_at 2026-04-07T12:55:00Z
2
value 0.00232
scoring_system epss
scoring_elements 0.46063
published_at 2026-04-02T12:55:00Z
3
value 0.00232
scoring_system epss
scoring_elements 0.46084
published_at 2026-04-04T12:55:00Z
4
value 0.00241
scoring_system epss
scoring_elements 0.47337
published_at 2026-04-12T12:55:00Z
5
value 0.00241
scoring_system epss
scoring_elements 0.47363
published_at 2026-04-11T12:55:00Z
6
value 0.00241
scoring_system epss
scoring_elements 0.47346
published_at 2026-04-21T12:55:00Z
7
value 0.00241
scoring_system epss
scoring_elements 0.47395
published_at 2026-04-18T12:55:00Z
8
value 0.00241
scoring_system epss
scoring_elements 0.47402
published_at 2026-04-16T12:55:00Z
9
value 0.00241
scoring_system epss
scoring_elements 0.47344
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23476
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml
3
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
4
reference_url https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/
url https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce
5
reference_url https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/
url https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50
6
reference_url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/
url https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23476
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23476
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153279
reference_id 2153279
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2153279
9
reference_url https://github.com/advisories/GHSA-qv4q-mr5r-qprj
reference_id GHSA-qv4q-mr5r-qprj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qv4q-mr5r-qprj
10
reference_url https://security.gentoo.org/glsa/202408-13
reference_id GLSA-202408-13
reference_type
scores
url https://security.gentoo.org/glsa/202408-13
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2022-23476, GHSA-qv4q-mr5r-qprj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eru7-uy2t-d3ef
3
url VCID-gxbt-wyyf-1yg8
vulnerability_id VCID-gxbt-wyyf-1yg8
summary 
Nokogiri vulnerable to DoS while parsing XML entities
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6461.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6461.json
1
reference_url https://access.redhat.com/security/cve/cve-2013-6461
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2013-6461
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6461
reference_id
reference_type
scores
0
value 0.02046
scoring_system epss
scoring_elements 0.83883
published_at 2026-04-18T12:55:00Z
1
value 0.02046
scoring_system epss
scoring_elements 0.83797
published_at 2026-04-02T12:55:00Z
2
value 0.02046
scoring_system epss
scoring_elements 0.83881
published_at 2026-04-21T12:55:00Z
3
value 0.02046
scoring_system epss
scoring_elements 0.83849
published_at 2026-04-13T12:55:00Z
4
value 0.02046
scoring_system epss
scoring_elements 0.83854
published_at 2026-04-12T12:55:00Z
5
value 0.02046
scoring_system epss
scoring_elements 0.8386
published_at 2026-04-11T12:55:00Z
6
value 0.02046
scoring_system epss
scoring_elements 0.83843
published_at 2026-04-09T12:55:00Z
7
value 0.02046
scoring_system epss
scoring_elements 0.83837
published_at 2026-04-08T12:55:00Z
8
value 0.02046
scoring_system epss
scoring_elements 0.83813
published_at 2026-04-07T12:55:00Z
9
value 0.02046
scoring_system epss
scoring_elements 0.83784
published_at 2026-04-01T12:55:00Z
10
value 0.02046
scoring_system epss
scoring_elements 0.83812
published_at 2026-04-04T12:55:00Z
11
value 0.02046
scoring_system epss
scoring_elements 0.83882
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6461
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/90059
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/90059
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml
6
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
7
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6461
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6461
9
reference_url https://security-tracker.debian.org/tracker/CVE-2013-6461
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2013-6461
10
reference_url https://web.archive.org/web/20200804224345/https://www.securityfocus.com/bid/64513
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200804224345/https://www.securityfocus.com/bid/64513
11
reference_url http://www.openwall.com/lists/oss-security/2013/12/27/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/27/2
12
reference_url http://www.securityfocus.com/bid/64513
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64513
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1046664
reference_id 1046664
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1046664
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
24
reference_url https://github.com/advisories/GHSA-jmhh-w7xp-wg39
reference_id GHSA-jmhh-w7xp-wg39
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmhh-w7xp-wg39
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-6461, GHSA-jmhh-w7xp-wg39, OSV-101458
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxbt-wyyf-1yg8
4
url VCID-qj6u-xryx-s3ev
vulnerability_id VCID-qj6u-xryx-s3ev
summary 
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
### Withdrawn Advisory

This advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references.

### Original Description

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6490
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07307
published_at 2026-04-07T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07284
published_at 2026-04-02T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07325
published_at 2026-04-04T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07346
published_at 2026-04-16T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07418
published_at 2026-04-13T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.07429
published_at 2026-04-12T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07442
published_at 2026-04-11T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07456
published_at 2026-04-09T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07432
published_at 2026-04-08T12:55:00Z
9
value 0.00071
scoring_system epss
scoring_elements 0.21644
published_at 2026-04-21T12:55:00Z
10
value 0.00071
scoring_system epss
scoring_elements 0.21675
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6490
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
3
reference_url https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a
4
reference_url https://github.com/sparklemotion/nokogiri/issues/3500
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://github.com/sparklemotion/nokogiri/issues/3500
5
reference_url https://github.com/sparklemotion/nokogiri/pull/3524
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://github.com/sparklemotion/nokogiri/pull/3524
6
reference_url https://github.com/user-attachments/files/19625432/nokogiri_crash.txt
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://github.com/user-attachments/files/19625432/nokogiri_crash.txt
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6490
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6490
8
reference_url https://vuldb.com/?ctiid.313601
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://vuldb.com/?ctiid.313601
9
reference_url https://vuldb.com/?id.313601
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://vuldb.com/?id.313601
10
reference_url https://vuldb.com/?submit.601005
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
4
value 1.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
5
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
6
value LOW
scoring_system generic_textual
scoring_elements
7
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/
url https://vuldb.com/?submit.601005
11
reference_url https://github.com/advisories/GHSA-pf9w-gvcf-gv7m
reference_id GHSA-pf9w-gvcf-gv7m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pf9w-gvcf-gv7m
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2025-6490, GHSA-pf9w-gvcf-gv7m
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qj6u-xryx-s3ev
5
url VCID-xvhw-5776-s3fr
vulnerability_id VCID-xvhw-5776-s3fr
summary 
Nokogiri vulnerable to DoS while parsing XML documents
Nokogiri gem has Denial of Service via infinite loop when parsing XML documents
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6460.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6460.json
1
reference_url https://access.redhat.com/security/cve/cve-2013-6460
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2013-6460
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6460
reference_id
reference_type
scores
0
value 0.02521
scoring_system epss
scoring_elements 0.8544
published_at 2026-04-21T12:55:00Z
1
value 0.02521
scoring_system epss
scoring_elements 0.85416
published_at 2026-04-13T12:55:00Z
2
value 0.02521
scoring_system epss
scoring_elements 0.8542
published_at 2026-04-12T12:55:00Z
3
value 0.02521
scoring_system epss
scoring_elements 0.85355
published_at 2026-04-02T12:55:00Z
4
value 0.02521
scoring_system epss
scoring_elements 0.85444
published_at 2026-04-18T12:55:00Z
5
value 0.02521
scoring_system epss
scoring_elements 0.85421
published_at 2026-04-11T12:55:00Z
6
value 0.02521
scoring_system epss
scoring_elements 0.85407
published_at 2026-04-09T12:55:00Z
7
value 0.02521
scoring_system epss
scoring_elements 0.85398
published_at 2026-04-08T12:55:00Z
8
value 0.02521
scoring_system epss
scoring_elements 0.85376
published_at 2026-04-07T12:55:00Z
9
value 0.02521
scoring_system epss
scoring_elements 0.85374
published_at 2026-04-04T12:55:00Z
10
value 0.02521
scoring_system epss
scoring_elements 0.85343
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6460
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460
4
reference_url https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/90058
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/90058
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml
7
reference_url https://github.com/sparklemotion/nokogiri
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri
8
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6460
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6460
10
reference_url https://security-tracker.debian.org/tracker/CVE-2013-6460
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2013-6460
11
reference_url https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513
12
reference_url https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513/
reference_id
reference_type
scores
url https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513/
13
reference_url http://www.openwall.com/lists/oss-security/2013/12/27/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/12/27/2
14
reference_url http://www.securityfocus.com/bid/64513
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/64513
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1046663
reference_id 1046663
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1046663
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
26
reference_url https://github.com/advisories/GHSA-62qp-3fxm-9wxf
reference_id GHSA-62qp-3fxm-9wxf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62qp-3fxm-9wxf
fixed_packages
0
url pkg:deb/debian/ruby-nokogiri@0?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie
1
url pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-snr1-kaug-43aa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie
2
url pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie
3
url pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-6460, GHSA-62qp-3fxm-9wxf, OSV-101179
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvhw-5776-s3fr
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie