Search for packages
| purl | pkg:gem/rexml@3.4.3 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 2.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-trka-k7zz-bkh3
Aliases: CVE-2025-58767 GHSA-c2f4-jgmc-q2r5 |
REXML has DoS condition when parsing malformed XML file The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T17:41:31.025829+00:00 | Ruby Importer | Affected by | VCID-trka-k7zz-bkh3 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml | 38.4.0 |
| 2026-04-11T21:39:25.752234+00:00 | Ruby Importer | Affected by | VCID-trka-k7zz-bkh3 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml | 38.3.0 |
| 2026-04-02T19:36:57.115513+00:00 | Ruby Importer | Affected by | VCID-trka-k7zz-bkh3 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml | 38.1.0 |
| 2026-04-01T15:54:32.259543+00:00 | Ruby Importer | Affected by | VCID-trka-k7zz-bkh3 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexml/CVE-2025-58767.yml | 38.0.0 |