Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/rexml@3.4.2
purl pkg:gem/rexml@3.4.2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 2.4
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-trka-k7zz-bkh3
Aliases:
CVE-2025-58767
GHSA-c2f4-jgmc-q2r5
REXML has DoS condition when parsing malformed XML file The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. There are no reported fixed by versions.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-trka-k7zz-bkh3 REXML has DoS condition when parsing malformed XML file The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. CVE-2025-58767
GHSA-c2f4-jgmc-q2r5

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:44:21.327815+00:00 GitLab Importer Fixing VCID-trka-k7zz-bkh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rexml/CVE-2025-58767.yml 38.4.0
2026-04-16T17:41:31.024472+00:00 Ruby Importer Affected by VCID-trka-k7zz-bkh3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml 38.4.0
2026-04-16T17:41:31.011283+00:00 Ruby Importer Fixing VCID-trka-k7zz-bkh3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml 38.4.0
2026-04-12T01:05:12.670644+00:00 GitLab Importer Fixing VCID-trka-k7zz-bkh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rexml/CVE-2025-58767.yml 38.3.0
2026-04-11T21:39:25.748506+00:00 Ruby Importer Affected by VCID-trka-k7zz-bkh3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml 38.3.0
2026-04-11T21:39:25.711033+00:00 Ruby Importer Fixing VCID-trka-k7zz-bkh3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml 38.3.0
2026-04-07T04:58:50.882279+00:00 GHSA Importer Fixing VCID-trka-k7zz-bkh3 https://github.com/advisories/GHSA-c2f4-jgmc-q2r5 38.1.0
2026-04-03T01:13:36.881144+00:00 GitLab Importer Fixing VCID-trka-k7zz-bkh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rexml/CVE-2025-58767.yml 38.1.0
2026-04-02T19:36:57.114009+00:00 Ruby Importer Affected by VCID-trka-k7zz-bkh3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml 38.1.0
2026-04-02T19:36:57.098651+00:00 Ruby Importer Fixing VCID-trka-k7zz-bkh3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml 38.1.0
2026-04-01T15:54:32.254881+00:00 Ruby Importer Affected by VCID-trka-k7zz-bkh3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml 38.0.0
2026-04-01T15:54:32.219967+00:00 Ruby Importer Fixing VCID-trka-k7zz-bkh3 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml 38.0.0
2026-04-01T12:55:13.603750+00:00 GithubOSV Importer Fixing VCID-trka-k7zz-bkh3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-c2f4-jgmc-q2r5/GHSA-c2f4-jgmc-q2r5.json 38.0.0
2026-04-01T12:52:53.420003+00:00 GitLab Importer Fixing VCID-trka-k7zz-bkh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rexml/CVE-2025-58767.yml 38.0.0