Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/938276?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/938276?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "ruby-nokogiri", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.5.4-1", "latest_non_vulnerable_version": "1.19.1+dfsg-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11286?format=api", "vulnerability_id": "VCID-8geh-vfns-pfgs", "summary": "Improper Restriction of XML External Entity Reference\nNokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68495", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68489", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68441", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68463", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68449", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68411", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68413", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68444", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68456", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.6843", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00564", "scoring_system": "epss", "scoring_elements": "0.68362", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68379", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68398", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68359", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41098" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008914", "reference_id": "2008914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008914" }, { "reference_url": "https://security.archlinux.org/AVG-2424", "reference_id": "AVG-2424", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2424" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41098", "reference_id": "CVE-2021-41098", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41098" }, { "reference_url": "https://github.com/advisories/GHSA-2rr5-8q37-2w7h", "reference_id": "GHSA-2rr5-8q37-2w7h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2rr5-8q37-2w7h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938276?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938273?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-snr1-kaug-43aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938271?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938275?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938274?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41098", "GHSA-2rr5-8q37-2w7h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8geh-vfns-pfgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30055?format=api", "vulnerability_id": "VCID-8zyc-vw5k-wqaw", "summary": "sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow\n### Withdrawn Advisory\n\nThis advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references.\n\n### Original Description\n\nA vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07346", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07284", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07442", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07418", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07325", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07432", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07456", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2149", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21496", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21644", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21675", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6494" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/3508", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/3508" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/pull/3524", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/" } ], "url": "https://github.com/sparklemotion/nokogiri/pull/3524" }, { "reference_url": "https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/" } ], "url": "https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6494", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6494" }, { "reference_url": "https://vuldb.com/?ctiid.313611", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/" } ], "url": "https://vuldb.com/?ctiid.313611" }, { "reference_url": "https://vuldb.com/?id.313611", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/" } ], "url": "https://vuldb.com/?id.313611" }, { "reference_url": "https://vuldb.com/?submit.601006", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/" } ], "url": "https://vuldb.com/?submit.601006" }, { "reference_url": "https://github.com/advisories/GHSA-jc9r-qcgw-fxq9", "reference_id": "GHSA-jc9r-qcgw-fxq9", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jc9r-qcgw-fxq9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938276?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938273?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-snr1-kaug-43aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938271?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938275?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938274?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-6494", "GHSA-jc9r-qcgw-fxq9" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zyc-vw5k-wqaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34871?format=api", "vulnerability_id": "VCID-eru7-uy2t-d3ef", "summary": "A vulnerability has been discovered in Nokogiri, which can lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.4538", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45324", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46063", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46084", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47402", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47344", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47337", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47363", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47346", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47332", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47341", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00241", "scoring_system": "epss", "scoring_elements": "0.47395", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23476" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/" } ], "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23476", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23476" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153279", "reference_id": "2153279", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153279" }, { "reference_url": "https://github.com/advisories/GHSA-qv4q-mr5r-qprj", "reference_id": "GHSA-qv4q-mr5r-qprj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qv4q-mr5r-qprj" }, { "reference_url": "https://security.gentoo.org/glsa/202408-13", "reference_id": "GLSA-202408-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938276?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938273?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-snr1-kaug-43aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938279?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938271?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938275?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938274?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-23476", "GHSA-qv4q-mr5r-qprj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eru7-uy2t-d3ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54838?format=api", "vulnerability_id": "VCID-gxbt-wyyf-1yg8", "summary": "Nokogiri vulnerable to DoS while parsing XML entities\nNokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6461.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6461.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2013-6461", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2013-6461" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83907", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83812", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83914", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83849", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83854", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.8386", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83843", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83784", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83837", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83797", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83813", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83881", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83883", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02046", "scoring_system": "epss", "scoring_elements": "0.83882", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6461" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90059" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6461", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6461" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2013-6461", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-6461" }, { "reference_url": "https://web.archive.org/web/20200804224345/https://www.securityfocus.com/bid/64513", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200804224345/https://www.securityfocus.com/bid/64513" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/27/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2" }, { "reference_url": "http://www.securityfocus.com/bid/64513", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/64513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1046664", "reference_id": "1046664", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1046664" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-jmhh-w7xp-wg39", "reference_id": "GHSA-jmhh-w7xp-wg39", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmhh-w7xp-wg39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938276?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938273?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-snr1-kaug-43aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938271?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938275?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938274?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6461", "GHSA-jmhh-w7xp-wg39", "OSV-101458" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gxbt-wyyf-1yg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30122?format=api", "vulnerability_id": "VCID-qj6u-xryx-s3ev", "summary": "sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow\n### Withdrawn Advisory\n\nThis advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references.\n\n### Original Description\n\nA vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07325", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07284", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07346", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07418", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07429", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07442", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07456", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07432", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2149", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21496", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21675", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21644", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6490" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/" } ], "url": "https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/3500", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/3500" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/pull/3524", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/" } ], "url": "https://github.com/sparklemotion/nokogiri/pull/3524" }, { "reference_url": "https://github.com/user-attachments/files/19625432/nokogiri_crash.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/" } ], "url": "https://github.com/user-attachments/files/19625432/nokogiri_crash.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6490", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6490" }, { "reference_url": "https://vuldb.com/?ctiid.313601", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/" } ], "url": "https://vuldb.com/?ctiid.313601" }, { "reference_url": "https://vuldb.com/?id.313601", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/" } ], "url": "https://vuldb.com/?id.313601" }, { "reference_url": "https://vuldb.com/?submit.601005", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/" } ], "url": "https://vuldb.com/?submit.601005" }, { "reference_url": "https://github.com/advisories/GHSA-pf9w-gvcf-gv7m", "reference_id": "GHSA-pf9w-gvcf-gv7m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pf9w-gvcf-gv7m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938276?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938273?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-snr1-kaug-43aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938271?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938275?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938274?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-6490", "GHSA-pf9w-gvcf-gv7m" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qj6u-xryx-s3ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55015?format=api", "vulnerability_id": "VCID-xvhw-5776-s3fr", "summary": "Nokogiri vulnerable to DoS while parsing XML documents\nNokogiri gem has Denial of Service via infinite loop when parsing XML documents", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6460.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6460.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2013-6460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2013-6460" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6460", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85463", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85444", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.8544", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85374", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85472", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85416", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.8542", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85421", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85407", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85398", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85343", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85376", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02521", "scoring_system": "epss", "scoring_elements": "0.85355", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6460" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90058" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6460", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6460" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2013-6460", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-6460" }, { "reference_url": "https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513" }, { "reference_url": "https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/12/27/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/12/27/2" }, { "reference_url": "http://www.securityfocus.com/bid/64513", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/64513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1046663", "reference_id": "1046663", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1046663" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-62qp-3fxm-9wxf", "reference_id": "GHSA-62qp-3fxm-9wxf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-62qp-3fxm-9wxf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938276?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938273?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-snr1-kaug-43aa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938271?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938275?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938274?format=api", "purl": "pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6460", "GHSA-62qp-3fxm-9wxf", "OSV-101179" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvhw-5776-s3fr" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie" }