{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","type":"deb","namespace":"debian","name":"libxml2","version":"2.9.4+dfsg1-7+deb10u4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.15.2+dfsg-0.1","latest_non_vulnerable_version":"2.15.2+dfsg-0.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69445?format=json","vulnerability_id":"VCID-27jd-t23h-73f4","summary":"libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6021.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6021","reference_id":"","reference_type":"","scores":[{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73295","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73272","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73267","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01733","scoring_system":"epss","scoring_elements":"0.82504","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84248","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84207","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84232","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84247","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84296","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84109","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84115","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84133","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84127","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84123","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84145","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84147","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84264","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84176","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84183","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02116","scoring_system":"epss","scoring_elements":"0.84188","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107720","reference_id":"1107720","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107720"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372406","reference_id":"2372406","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372406"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/926","reference_id":"926","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"},{"reference_url":"https://security.archlinux.org/AVG-2899","reference_id":"AVG-2899","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2899"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9","reference_id":"cpe:/a:redhat:insights_proxy:1.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1","reference_id":"cpe:/a:redhat:jboss_core_services:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8","reference_id":"cpe:/a:redhat:openshift:4.12::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9","reference_id":"cpe:/a:redhat:openshift:4.13::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8","reference_id":"cpe:/a:redhat:openshift:4.14::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9","reference_id":"cpe:/a:redhat:openshift:4.15::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9","reference_id":"cpe:/a:redhat:openshift:4.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9","reference_id":"cpe:/a:redhat:openshift:4.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9","reference_id":"cpe:/a:redhat:openshift:4.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9","reference_id":"cpe:/a:redhat:openshift:4.19::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-6021","reference_id":"CVE-2025-6021","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-6021"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10630","reference_id":"RHSA-2025:10630","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:10630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10698","reference_id":"RHSA-2025:10698","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:10698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10699","reference_id":"RHSA-2025:10699","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:10699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11580","reference_id":"RHSA-2025:11580","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11673","reference_id":"RHSA-2025:11673","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12098","reference_id":"RHSA-2025:12098","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12099","reference_id":"RHSA-2025:12099","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12199","reference_id":"RHSA-2025:12199","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12237","reference_id":"RHSA-2025:12237","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12239","reference_id":"RHSA-2025:12239","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12240","reference_id":"RHSA-2025:12240","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12241","reference_id":"RHSA-2025:12241","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13289","reference_id":"RHSA-2025:13289","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13325","reference_id":"RHSA-2025:13325","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13335","reference_id":"RHSA-2025:13335","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13336","reference_id":"RHSA-2025:13336","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14059","reference_id":"RHSA-2025:14059","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14396","reference_id":"RHSA-2025:14396","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14396"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15308","reference_id":"RHSA-2025:15308","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15672","reference_id":"RHSA-2025:15672","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19020","reference_id":"RHSA-2025:19020","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7519","reference_id":"RHSA-2026:7519","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7519"},{"reference_url":"https://usn.ubuntu.com/7694-1/","reference_id":"USN-7694-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7694-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2025-6021"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27jd-t23h-73f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71841?format=json","vulnerability_id":"VCID-31w8-13b6-8beh","summary":"libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24928","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46331","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46339","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46208","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46274","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46294","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46235","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46267","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46352","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.463","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46355","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46356","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46379","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46351","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46418","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46415","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46342","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46354","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46302","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321","reference_id":"1098321","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346421","reference_id":"2346421","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346421"},{"reference_url":"https://issues.oss-fuzz.com/issues/392687022","reference_id":"392687022","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T03:55:31Z/"}],"url":"https://issues.oss-fuzz.com/issues/392687022"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/847","reference_id":"847","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T03:55:31Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2482","reference_id":"RHSA-2025:2482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2483","reference_id":"RHSA-2025:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2507","reference_id":"RHSA-2025:2507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2513","reference_id":"RHSA-2025:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2654","reference_id":"RHSA-2025:2654","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2660","reference_id":"RHSA-2025:2660","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2660"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2673","reference_id":"RHSA-2025:2673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2678","reference_id":"RHSA-2025:2678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2679","reference_id":"RHSA-2025:2679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2686","reference_id":"RHSA-2025:2686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2789","reference_id":"RHSA-2025:2789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3055","reference_id":"RHSA-2025:3055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3368","reference_id":"RHSA-2025:3368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3397","reference_id":"RHSA-2025:3397","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3397"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3453","reference_id":"RHSA-2025:3453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3453"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3569","reference_id":"RHSA-2025:3569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3775","reference_id":"RHSA-2025:3775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3780","reference_id":"RHSA-2025:3780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3867","reference_id":"RHSA-2025:3867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4005","reference_id":"RHSA-2025:4005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9895","reference_id":"RHSA-2025:9895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9895"},{"reference_url":"https://usn.ubuntu.com/7302-1/","reference_id":"USN-7302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2025-24928"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31w8-13b6-8beh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69443?format=json","vulnerability_id":"VCID-464a-typa-7qbu","summary":"libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6170.json","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6170","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10293","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10028","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10061","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10121","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10161","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10141","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10119","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10062","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10004","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10153","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10222","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10197","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10236","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10087","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09984","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11253","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30654","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30661","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30698","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6170"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938","reference_id":"1107938","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372952","reference_id":"2372952","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372952"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/941","reference_id":"941","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/941"},{"reference_url":"https://security.archlinux.org/AVG-2898","reference_id":"AVG-2898","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2898"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1","reference_id":"cpe:/a:redhat:jboss_core_services:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-6170","reference_id":"CVE-2025-6170","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-6170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7519","reference_id":"RHSA-2026:7519","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7519"},{"reference_url":"https://usn.ubuntu.com/7694-1/","reference_id":"USN-7694-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7694-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2025-6170"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-464a-typa-7qbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9028?format=json","vulnerability_id":"VCID-4m3j-qy8c-4uhk","summary":"NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2309","reference_id":"","reference_type":"","scores":[{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75342","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75287","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75279","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75297","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75272","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75244","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75234","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.7523","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75189","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75168","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75155","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75144","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75114","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75227","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75188","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75199","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00868","scoring_system":"epss","scoring_elements":"0.75193","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-wrxv-2j5q-m38w","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wrxv-2j5q-m38w"},{"reference_url":"https://github.com/lxml/lxml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxml/lxml"},{"reference_url":"https://github.com/lxml/lxml/blob/master/CHANGES.txt","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxml/lxml/blob/master/CHANGES.txt"},{"reference_url":"https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml"},{"reference_url":"https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2309","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2309"},{"reference_url":"https://security.gentoo.org/glsa/202208-06","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-06"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220915-0006","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220915-0006"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766","reference_id":"1014766","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039991","reference_id":"1039991","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039991"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107571","reference_id":"2107571","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2107571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8226","reference_id":"RHSA-2022:8226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8226"},{"reference_url":"https://usn.ubuntu.com/5760-1/","reference_id":"USN-5760-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5760-1/"},{"reference_url":"https://usn.ubuntu.com/6028-2/","reference_id":"USN-6028-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6028-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2022-2309","GHSA-wrxv-2j5q-m38w","PYSEC-2022-230"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4m3j-qy8c-4uhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69455?format=json","vulnerability_id":"VCID-74y5-vcxn-2ygr","summary":"libxml: Heap use after free (UAF) leads to Denial of service (DoS)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49794.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49794.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49794","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31455","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31549","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31368","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31421","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31452","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31508","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58432","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63523","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.6355","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63601","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63469","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63434","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63467","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63475","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63505","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63492","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63487","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63461","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63558","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755","reference_id":"1107755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372373","reference_id":"2372373","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372373"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/931","reference_id":"931","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/931"},{"reference_url":"https://security.archlinux.org/AVG-2898","reference_id":"AVG-2898","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2898"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9","reference_id":"cpe:/a:redhat:cert_manager:1.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9","reference_id":"cpe:/a:redhat:insights_proxy:1.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1","reference_id":"cpe:/a:redhat:jboss_core_services:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8","reference_id":"cpe:/a:redhat:openshift:4.12::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9","reference_id":"cpe:/a:redhat:openshift:4.13::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9","reference_id":"cpe:/a:redhat:openshift:4.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9","reference_id":"cpe:/a:redhat:openshift:4.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9","reference_id":"cpe:/a:redhat:openshift:4.19::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9","reference_id":"cpe:/a:redhat:openshift:4.20::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9","reference_id":"cpe:/a:redhat:openshift_file_integrity_operator:1::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8","reference_id":"cpe:/a:redhat:openshift_serverless:1.36::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9","reference_id":"cpe:/a:redhat:webterminal:1.11::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9","reference_id":"cpe:/a:redhat:webterminal:1.12::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-49794","reference_id":"CVE-2025-49794","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-49794"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10630","reference_id":"RHSA-2025:10630","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:10630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10698","reference_id":"RHSA-2025:10698","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:10698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10699","reference_id":"RHSA-2025:10699","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:10699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11580","reference_id":"RHSA-2025:11580","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12098","reference_id":"RHSA-2025:12098","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12099","reference_id":"RHSA-2025:12099","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12199","reference_id":"RHSA-2025:12199","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12237","reference_id":"RHSA-2025:12237","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12239","reference_id":"RHSA-2025:12239","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12240","reference_id":"RHSA-2025:12240","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12241","reference_id":"RHSA-2025:12241","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13335","reference_id":"RHSA-2025:13335","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15827","reference_id":"RHSA-2025:15827","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15828","reference_id":"RHSA-2025:15828","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18219","reference_id":"RHSA-2025:18219","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:18219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19020","reference_id":"RHSA-2025:19020","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21913","reference_id":"RHSA-2025:21913","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7519","reference_id":"RHSA-2026:7519","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7519"},{"reference_url":"https://usn.ubuntu.com/7694-1/","reference_id":"USN-7694-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7694-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2025-49794"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74y5-vcxn-2ygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58841?format=json","vulnerability_id":"VCID-782a-uast-nbch","summary":"Multiple vulnerabilities have been found in libxml2, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20388","reference_id":"","reference_type":"","scores":[{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69975","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70006","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69805","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70051","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70002","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69913","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69904","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69863","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69877","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69892","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69869","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69853","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69976","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69933","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69957","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69956","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69946","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.69895","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00631","scoring_system":"epss","scoring_elements":"0.70255","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00631","scoring_system":"epss","scoring_elements":"0.70243","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00631","scoring_system":"epss","scoring_elements":"0.70272","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20388"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1799734","reference_id":"1799734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1799734"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/","reference_id":"545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","reference_id":"5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68","reference_id":"68","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583","reference_id":"949583","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583"},{"reference_url":"https://security.archlinux.org/ASA-202011-15","reference_id":"ASA-202011-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-15"},{"reference_url":"https://security.archlinux.org/AVG-1263","reference_id":"AVG-1263","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1263"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20388","reference_id":"CVE-2019-20388","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20388"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","reference_id":"JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3996","reference_id":"RHSA-2020:3996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4479","reference_id":"RHSA-2020:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4991-1/","reference_id":"USN-4991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2019-20388"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-782a-uast-nbch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44699?format=json","vulnerability_id":"VCID-7bpp-2hvk-2udv","summary":"Multiple vulnerabilities have been found in libxml2, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24977","reference_id":"","reference_type":"","scores":[{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66054","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66036","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66048","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66067","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66024","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.65987","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.6658","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66645","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00516","scoring_system":"epss","scoring_elements":"0.66619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67656","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67677","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.6768","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67655","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67698","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67735","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67668","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67647","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67667","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69222","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69197","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.72108","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/178","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/178"},{"reference_url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200924-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200924-0001/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1877788","reference_id":"1877788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1877788"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529","reference_id":"969529","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529"},{"reference_url":"https://security.archlinux.org/ASA-202011-15","reference_id":"ASA-202011-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-15"},{"reference_url":"https://security.archlinux.org/AVG-1263","reference_id":"AVG-1263","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1263"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24977","reference_id":"CVE-2020-24977","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24977"},{"reference_url":"https://security.gentoo.org/glsa/202107-05","reference_id":"GLSA-202107-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1597","reference_id":"RHSA-2021:1597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1597"},{"reference_url":"https://usn.ubuntu.com/4991-1/","reference_id":"USN-4991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2020-24977"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bpp-2hvk-2udv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76431?format=json","vulnerability_id":"VCID-8d2w-3c3p-zqaz","summary":"libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34459.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34459.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34459","reference_id":"","reference_type":"","scores":[{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.73632","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.73635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.73659","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.73667","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.7368","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.73702","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.73685","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.73676","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.7372","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86905","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86984","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86997","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.87026","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86922","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86928","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86932","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86953","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86971","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03141","scoring_system":"epss","scoring_elements":"0.86989","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162","reference_id":"1071162","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2280532","reference_id":"2280532","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2280532"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/","reference_id":"5HVUXKYTBWT3G5DEEQX62STJQBY367NL","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/","reference_id":"INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/"},{"reference_url":"https://usn.ubuntu.com/7240-1/","reference_id":"USN-7240-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7240-1/"},{"reference_url":"https://usn.ubuntu.com/7302-1/","reference_id":"USN-7302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7302-1/"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8","reference_id":"v2.11.8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7","reference_id":"v2.12.7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/","reference_id":"VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2024-34459"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8d2w-3c3p-zqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44704?format=json","vulnerability_id":"VCID-9hqf-12yh-bkc8","summary":"Multiple vulnerabilities have been found in libxml2, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3518","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48321","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48291","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48347","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48323","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.4826","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48344","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48396","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48383","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48443","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48398","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48386","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48412","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48388","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48394","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48339","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49118","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.4909","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49056","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3518"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954242","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954242"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Jul/54","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2021/Jul/54"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Jul/55","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2021/Jul/55"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Jul/58","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2021/Jul/58"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Jul/59","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2021/Jul/59"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"},{"reference_url":"https://nokogiri.org/CHANGELOG.html#1114-2021-05-14","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nokogiri.org/CHANGELOG.html#1114-2021-05-14"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3518","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3518"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210625-0002","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210625-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210625-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210625-0002/"},{"reference_url":"https://support.apple.com/kb/HT212601","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT212601"},{"reference_url":"https://support.apple.com/kb/HT212602","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT212602"},{"reference_url":"https://support.apple.com/kb/HT212604","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT212604"},{"reference_url":"https://support.apple.com/kb/HT212605","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT212605"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737","reference_id":"987737","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737"},{"reference_url":"https://security.archlinux.org/AVG-1883","reference_id":"AVG-1883","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1883"},{"reference_url":"https://github.com/advisories/GHSA-v4f8-2847-rwm7","reference_id":"GHSA-v4f8-2847-rwm7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v4f8-2847-rwm7"},{"reference_url":"https://security.gentoo.org/glsa/202107-05","reference_id":"GLSA-202107-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202107-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2569","reference_id":"RHSA-2021:2569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1389","reference_id":"RHSA-2022:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1390","reference_id":"RHSA-2022:1390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1390"},{"reference_url":"https://usn.ubuntu.com/4991-1/","reference_id":"USN-4991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2021-3518","GHSA-v4f8-2847-rwm7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hqf-12yh-bkc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18855?format=json","vulnerability_id":"VCID-aasn-u7fd-8bhy","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nXmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39615","reference_id":"","reference_type":"","scores":[{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30162","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30398","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30284","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30204","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30063","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30133","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30141","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30071","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30092","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30649","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30604","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30629","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30612","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30578","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32184","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.32187","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34244","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34276","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.363","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36251","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/535","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:25:30Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/535"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230","reference_id":"1051230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235864","reference_id":"2235864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235864"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39615","reference_id":"CVE-2023-39615","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39615"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7544","reference_id":"RHSA-2023:7544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7626","reference_id":"RHSA-2023:7626","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7626"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7747","reference_id":"RHSA-2023:7747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0119","reference_id":"RHSA-2024:0119","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0413","reference_id":"RHSA-2024:0413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1317","reference_id":"RHSA-2024:1317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1383","reference_id":"RHSA-2024:1383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1477","reference_id":"RHSA-2024:1477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1477"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2023-39615"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aasn-u7fd-8bhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68202?format=json","vulnerability_id":"VCID-ahha-vnq4-7qd2","summary":"libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9714","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00804","published_at":"2026-05-14T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00812","published_at":"2026-04-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00958","published_at":"2026-05-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00951","published_at":"2026-05-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00945","published_at":"2026-05-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00924","published_at":"2026-04-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00927","published_at":"2026-04-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00912","published_at":"2026-04-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00907","published_at":"2026-04-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00909","published_at":"2026-04-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00905","published_at":"2026-04-16T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00913","published_at":"2026-04-18T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00963","published_at":"2026-04-29T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00966","published_at":"2026-04-24T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00971","published_at":"2026-04-26T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00961","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9714"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392605","reference_id":"2392605","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392605"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21","reference_id":"677a42645ef22b5a50741bad5facf9d8a8bc6d21","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T18:46:42Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22162","reference_id":"RHSA-2025:22162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22163","reference_id":"RHSA-2025:22163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22177","reference_id":"RHSA-2025:22177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22376","reference_id":"RHSA-2025:22376","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22376"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22377","reference_id":"RHSA-2025:22377","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22377"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22868","reference_id":"RHSA-2025:22868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23202","reference_id":"RHSA-2025:23202","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23202"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23204","reference_id":"RHSA-2025:23204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23205","reference_id":"RHSA-2025:23205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23209","reference_id":"RHSA-2025:23209","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23209"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23227","reference_id":"RHSA-2025:23227","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23234","reference_id":"RHSA-2025:23234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23449","reference_id":"RHSA-2025:23449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0677","reference_id":"RHSA-2026:0677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0702","reference_id":"RHSA-2026:0702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0978","reference_id":"RHSA-2026:0978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0980","reference_id":"RHSA-2026:0980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0985","reference_id":"RHSA-2026:0985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0985"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0996","reference_id":"RHSA-2026:0996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11349","reference_id":"RHSA-2026:11349","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11349"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14832","reference_id":"RHSA-2026:14832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14858","reference_id":"RHSA-2026:14858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1539","reference_id":"RHSA-2026:1539","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1539"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1541","reference_id":"RHSA-2026:1541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15967","reference_id":"RHSA-2026:15967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1652","reference_id":"RHSA-2026:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7519","reference_id":"RHSA-2026:7519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7519"},{"reference_url":"https://usn.ubuntu.com/7743-1/","reference_id":"USN-7743-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7743-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2025-9714"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahha-vnq4-7qd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8546?format=json","vulnerability_id":"VCID-azzy-m5pc-qudn","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nparser.c in libxml2 does not prevent infinite recursion in parameter entities.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16932","reference_id":"","reference_type":"","scores":[{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95757","published_at":"2026-04-07T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95823","published_at":"2026-05-12T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95818","published_at":"2026-05-11T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95813","published_at":"2026-05-09T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95806","published_at":"2026-05-07T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95804","published_at":"2026-05-05T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95791","published_at":"2026-04-29T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95792","published_at":"2026-04-24T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.9579","published_at":"2026-04-21T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95788","published_at":"2026-04-18T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95837","published_at":"2026-05-14T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95784","published_at":"2026-04-16T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95747","published_at":"2026-04-02T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95738","published_at":"2026-04-01T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95755","published_at":"2026-04-04T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95774","published_at":"2026-04-13T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95772","published_at":"2026-04-12T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95773","published_at":"2026-04-11T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95766","published_at":"2026-04-08T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95769","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16932"},{"reference_url":"https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=759579","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=759579"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1714","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1714"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/3739-1/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://usn.ubuntu.com/3739-1/"},{"reference_url":"https://usn.ubuntu.com/usn/usn-3504-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/usn/usn-3504-1/"},{"reference_url":"http://xmlsoft.org/news.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"http://xmlsoft.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517316","reference_id":"1517316","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517316"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613","reference_id":"882613","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16932","reference_id":"CVE-2017-16932","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16932"},{"reference_url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html","reference_id":"CVE-2017-16932.HTML","reference_type":"","scores":[],"url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html"},{"reference_url":"https://github.com/advisories/GHSA-x2fm-93ww-ggvx","reference_id":"GHSA-x2fm-93ww-ggvx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2fm-93ww-ggvx"},{"reference_url":"https://usn.ubuntu.com/3504-1/","reference_id":"USN-3504-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3504-1/"},{"reference_url":"https://usn.ubuntu.com/3504-2/","reference_id":"USN-3504-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3504-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2017-16932","GHSA-x2fm-93ww-ggvx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azzy-m5pc-qudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9630?format=json","vulnerability_id":"VCID-bejh-22y7-kuh6","summary":"NULL Pointer Dereference\nA NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1543","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1543"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14404","reference_id":"","reference_type":"","scores":[{"value":"0.18492","scoring_system":"epss","scoring_elements":"0.95218","published_at":"2026-04-02T12:55:00Z"},{"value":"0.18492","scoring_system":"epss","scoring_elements":"0.9522","published_at":"2026-04-04T12:55:00Z"},{"value":"0.18492","scoring_system":"epss","scoring_elements":"0.95206","published_at":"2026-04-01T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95486","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95535","published_at":"2026-05-14T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95521","published_at":"2026-05-12T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95516","published_at":"2026-05-11T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.9551","published_at":"2026-05-09T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95504","published_at":"2026-05-07T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95499","published_at":"2026-05-05T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95489","published_at":"2026-04-29T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95488","published_at":"2026-04-24T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95483","published_at":"2026-04-18T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95478","published_at":"2026-04-16T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95469","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95468","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95464","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95461","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95454","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14404"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595985","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1785","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1785"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/issues/10","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/issues/10"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190719-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0002/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190719-0002/"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/3739-1/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://usn.ubuntu.com/3739-1/"},{"reference_url":"https://usn.ubuntu.com/3739-2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14404","reference_id":"CVE-2018-14404","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14404"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml","reference_id":"CVE-2018-14404.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml"},{"reference_url":"https://github.com/advisories/GHSA-6qvp-r6r3-9p7h","reference_id":"GHSA-6qvp-r6r3-9p7h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6qvp-r6r3-9p7h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1827","reference_id":"RHSA-2020:1827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1827"},{"reference_url":"https://usn.ubuntu.com/3739-2/","reference_id":"USN-3739-2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://usn.ubuntu.com/3739-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2018-14404","GHSA-6qvp-r6r3-9p7h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bejh-22y7-kuh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69452?format=json","vulnerability_id":"VCID-bz1e-1ypb-kkgg","summary":"libxml: Type confusion leads to Denial of service (DoS)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49796.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49796","reference_id":"","reference_type":"","scores":[{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.6582","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65761","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65791","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65756","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.65809","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.6584","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01455","scoring_system":"epss","scoring_elements":"0.80845","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82841","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82879","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82689","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82685","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82724","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82725","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82827","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.8275","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82759","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82766","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82786","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82806","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.82825","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752","reference_id":"1107752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372385","reference_id":"2372385","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372385"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/933","reference_id":"933","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/933"},{"reference_url":"https://security.archlinux.org/AVG-2898","reference_id":"AVG-2898","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2898"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9","reference_id":"cpe:/a:redhat:cert_manager:1.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9","reference_id":"cpe:/a:redhat:insights_proxy:1.5::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1","reference_id":"cpe:/a:redhat:jboss_core_services:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8","reference_id":"cpe:/a:redhat:openshift:4.12::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9","reference_id":"cpe:/a:redhat:openshift:4.13::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9","reference_id":"cpe:/a:redhat:openshift:4.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9","reference_id":"cpe:/a:redhat:openshift:4.18::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9","reference_id":"cpe:/a:redhat:openshift:4.19::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9","reference_id":"cpe:/a:redhat:openshift:4.20::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9","reference_id":"cpe:/a:redhat:openshift_file_integrity_operator:1::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8","reference_id":"cpe:/a:redhat:openshift_serverless:1.36::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9","reference_id":"cpe:/a:redhat:webterminal:1.11::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9","reference_id":"cpe:/a:redhat:webterminal:1.12::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-49796","reference_id":"CVE-2025-49796","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-49796"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10630","reference_id":"RHSA-2025:10630","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:10630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10698","reference_id":"RHSA-2025:10698","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:10698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10699","reference_id":"RHSA-2025:10699","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:10699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11580","reference_id":"RHSA-2025:11580","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12098","reference_id":"RHSA-2025:12098","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12099","reference_id":"RHSA-2025:12099","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12199","reference_id":"RHSA-2025:12199","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12237","reference_id":"RHSA-2025:12237","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12239","reference_id":"RHSA-2025:12239","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12240","reference_id":"RHSA-2025:12240","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12241","reference_id":"RHSA-2025:12241","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13267","reference_id":"RHSA-2025:13267","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13335","reference_id":"RHSA-2025:13335","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15827","reference_id":"RHSA-2025:15827","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15828","reference_id":"RHSA-2025:15828","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18219","reference_id":"RHSA-2025:18219","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:18219"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19020","reference_id":"RHSA-2025:19020","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21913","reference_id":"RHSA-2025:21913","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0934","reference_id":"RHSA-2026:0934","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7519","reference_id":"RHSA-2026:7519","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7519"},{"reference_url":"https://usn.ubuntu.com/7694-1/","reference_id":"USN-7694-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7694-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2025-49796"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bz1e-1ypb-kkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71838?format=json","vulnerability_id":"VCID-c9ds-faa9-t7be","summary":"libxml2: Use-After-Free in libxml2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56171.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56171","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39631","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39619","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39534","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39559","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40029","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40055","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39977","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.4003","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40044","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40054","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40017","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39997","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40048","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40018","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.3994","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39767","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39753","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39668","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39537","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39602","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098320","reference_id":"1098320","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098320"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346416","reference_id":"2346416","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346416"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/828","reference_id":"828","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T16:26:31Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2482","reference_id":"RHSA-2025:2482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2483","reference_id":"RHSA-2025:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2507","reference_id":"RHSA-2025:2507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2513","reference_id":"RHSA-2025:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2654","reference_id":"RHSA-2025:2654","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2654"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2660","reference_id":"RHSA-2025:2660","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2660"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2673","reference_id":"RHSA-2025:2673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2678","reference_id":"RHSA-2025:2678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2679","reference_id":"RHSA-2025:2679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2686","reference_id":"RHSA-2025:2686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2789","reference_id":"RHSA-2025:2789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3055","reference_id":"RHSA-2025:3055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3059","reference_id":"RHSA-2025:3059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3066","reference_id":"RHSA-2025:3066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3368","reference_id":"RHSA-2025:3368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3397","reference_id":"RHSA-2025:3397","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3397"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3453","reference_id":"RHSA-2025:3453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3453"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3569","reference_id":"RHSA-2025:3569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3867","reference_id":"RHSA-2025:3867","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4005","reference_id":"RHSA-2025:4005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:9895","reference_id":"RHSA-2025:9895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:9895"},{"reference_url":"https://usn.ubuntu.com/7302-1/","reference_id":"USN-7302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2024-56171"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ds-faa9-t7be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13082?format=json","vulnerability_id":"VCID-cbm2-cez4-bqgh","summary":"Use After Free\n`valid.c` in libxml2 before 2.9.13 has a use-after-free of `ID` and `IDREF` attributes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23308","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1545","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1551","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15547","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15546","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15491","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15481","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15584","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15515","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15601","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15623","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15588","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15456","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16327","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16267","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1711","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16986","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17022","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489","reference_id":"1006489","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2056913","reference_id":"2056913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2056913"},{"reference_url":"https://security.archlinux.org/AVG-2726","reference_id":"AVG-2726","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2726"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23308","reference_id":"CVE-2022-23308","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23308"},{"reference_url":"https://security.gentoo.org/glsa/202210-03","reference_id":"GLSA-202210-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0899","reference_id":"RHSA-2022:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1389","reference_id":"RHSA-2022:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1390","reference_id":"RHSA-2022:1390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1390"},{"reference_url":"https://usn.ubuntu.com/5324-1/","reference_id":"USN-5324-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5324-1/"},{"reference_url":"https://usn.ubuntu.com/5422-1/","reference_id":"USN-5422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2022-23308"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbm2-cez4-bqgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20687?format=json","vulnerability_id":"VCID-d68t-f8j1-h3am","summary":"Use After Free\nWhen using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25062.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25062.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25062","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37113","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37057","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37124","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37142","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37063","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37037","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37627","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37651","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37529","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37581","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37594","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37608","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37574","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37547","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37591","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37572","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37508","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37287","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37267","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37176","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25062"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/604","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T17:35:33Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/604"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234","reference_id":"1063234","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262726","reference_id":"2262726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262726"},{"reference_url":"https://security.gentoo.org/glsa/202402-11","reference_id":"GLSA-202402-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1317","reference_id":"RHSA-2024:1317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2679","reference_id":"RHSA-2024:2679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3299","reference_id":"RHSA-2024:3299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3303","reference_id":"RHSA-2024:3303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3625","reference_id":"RHSA-2024:3625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3626","reference_id":"RHSA-2024:3626","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3626"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags","reference_id":"tags","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T17:35:33Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags"},{"reference_url":"https://usn.ubuntu.com/6658-1/","reference_id":"USN-6658-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6658-1/"},{"reference_url":"https://usn.ubuntu.com/6658-2/","reference_id":"USN-6658-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6658-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2024-25062"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d68t-f8j1-h3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70438?format=json","vulnerability_id":"VCID-drkd-yykc-ayge","summary":"libxml2: Out-of-Bounds Read in libxml2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32414.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32414.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32414","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3946","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39036","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39013","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3903","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3894","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38963","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39483","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39397","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39453","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39468","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39479","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39441","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39424","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39476","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39447","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39169","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39152","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38943","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41017","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102521","reference_id":"1102521","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102521"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358121","reference_id":"2358121","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12098","reference_id":"RHSA-2025:12098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12237","reference_id":"RHSA-2025:12237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12239","reference_id":"RHSA-2025:12239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12240","reference_id":"RHSA-2025:12240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12241","reference_id":"RHSA-2025:12241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13428","reference_id":"RHSA-2025:13428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13429","reference_id":"RHSA-2025:13429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13677","reference_id":"RHSA-2025:13677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13681","reference_id":"RHSA-2025:13681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13683","reference_id":"RHSA-2025:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13684","reference_id":"RHSA-2025:13684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14059","reference_id":"RHSA-2025:14059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14644","reference_id":"RHSA-2025:14644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14818","reference_id":"RHSA-2025:14818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14819","reference_id":"RHSA-2025:14819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14853","reference_id":"RHSA-2025:14853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14858","reference_id":"RHSA-2025:14858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15308","reference_id":"RHSA-2025:15308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15672","reference_id":"RHSA-2025:15672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16159","reference_id":"RHSA-2025:16159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22529","reference_id":"RHSA-2025:22529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8958","reference_id":"RHSA-2025:8958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7519","reference_id":"RHSA-2026:7519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7519"},{"reference_url":"https://usn.ubuntu.com/7467-1/","reference_id":"USN-7467-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7467-1/"},{"reference_url":"https://usn.ubuntu.com/7467-2/","reference_id":"USN-7467-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7467-2/"},{"reference_url":"https://usn.ubuntu.com/7896-1/","reference_id":"USN-7896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2025-32414"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-drkd-yykc-ayge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57379?format=json","vulnerability_id":"VCID-eb6k-ppfd-m7a3","summary":"Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40304","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37101","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44283","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44253","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44537","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4435","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44487","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44548","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44318","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44302","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44225","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44349","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4443","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44426","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44508","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44578","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44586","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.4453","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44529","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44559","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44542","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"},{"reference_url":"https://nokogiri.org/CHANGELOG.html#1139-2022-10-18","reference_id":"","reference_type":"","scores":[],"url":"https://nokogiri.org/CHANGELOG.html#1139-2022-10-18"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225","reference_id":"1022225","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/21","reference_id":"21","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/21"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136288","reference_id":"2136288","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136288"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/24","reference_id":"24","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/24"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/25","reference_id":"25","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/25"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/26","reference_id":"26","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/26"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/27","reference_id":"27","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/27"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40304","reference_id":"CVE-2022-40304","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40304"},{"reference_url":"https://security.gentoo.org/glsa/202210-39","reference_id":"GLSA-202210-39","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-39"},{"reference_url":"https://support.apple.com/kb/HT213531","reference_id":"HT213531","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://support.apple.com/kb/HT213531"},{"reference_url":"https://support.apple.com/kb/HT213533","reference_id":"HT213533","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://support.apple.com/kb/HT213533"},{"reference_url":"https://support.apple.com/kb/HT213534","reference_id":"HT213534","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://support.apple.com/kb/HT213534"},{"reference_url":"https://support.apple.com/kb/HT213535","reference_id":"HT213535","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://support.apple.com/kb/HT213535"},{"reference_url":"https://support.apple.com/kb/HT213536","reference_id":"HT213536","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://support.apple.com/kb/HT213536"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221209-0003/","reference_id":"ntap-20221209-0003","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221209-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0173","reference_id":"RHSA-2023:0173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0338","reference_id":"RHSA-2023:0338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0413","reference_id":"RHSA-2024:0413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0413"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags","reference_id":"tags","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags"},{"reference_url":"https://usn.ubuntu.com/5760-1/","reference_id":"USN-5760-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5760-1/"},{"reference_url":"https://usn.ubuntu.com/5760-2/","reference_id":"USN-5760-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5760-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2022-40304"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eb6k-ppfd-m7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44702?format=json","vulnerability_id":"VCID-ek5d-m9pn-3fec","summary":"Multiple vulnerabilities have been found in libxml2, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3517","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28432","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28358","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28337","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28415","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28392","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28336","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28891","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28494","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28566","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28678","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28789","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28839","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28862","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.2884","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28934","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.2893","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28889","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29474","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29358","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3517"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954232","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/2233","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/2233"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/2274","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/2274"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3517","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3517"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210625-0002","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210625-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210625-0002/","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210625-0002/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211022-0004","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20211022-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211022-0004/","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211022-0004/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738","reference_id":"987738","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738"},{"reference_url":"https://security.archlinux.org/AVG-1883","reference_id":"AVG-1883","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1883"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/","reference_id":"BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"},{"reference_url":"https://github.com/advisories/GHSA-jw9f-hh49-cvp9","reference_id":"GHSA-jw9f-hh49-cvp9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jw9f-hh49-cvp9"},{"reference_url":"https://security.gentoo.org/glsa/202107-05","reference_id":"GLSA-202107-05","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://security.gentoo.org/glsa/202107-05"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/","reference_id":"QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2569","reference_id":"RHSA-2021:2569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1389","reference_id":"RHSA-2022:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1390","reference_id":"RHSA-2022:1390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1390"},{"reference_url":"https://usn.ubuntu.com/4991-1/","reference_id":"USN-4991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2021-3517","GHSA-jw9f-hh49-cvp9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ek5d-m9pn-3fec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71837?format=json","vulnerability_id":"VCID-hafa-bcpu-8uaj","summary":"libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27113","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26313","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26006","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25981","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25909","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25927","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26354","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26127","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26194","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26242","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26249","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26204","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26146","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2615","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26126","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26087","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26026","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26022","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25975","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25865","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25924","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322","reference_id":"1098322","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346410","reference_id":"2346410","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346410"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/861","reference_id":"861","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:33:43Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/861"},{"reference_url":"https://usn.ubuntu.com/7302-1/","reference_id":"USN-7302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2025-27113"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hafa-bcpu-8uaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84942?format=json","vulnerability_id":"VCID-nuh8-qd25-ykan","summary":"libxml2: Incorrect server side include parsing can lead to XSS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3709","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34067","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33794","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34132","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34164","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34024","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38402","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38517","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38429","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38309","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38381","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38391","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38302","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38328","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45405","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45499","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45519","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45489","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45494","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45542","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45539","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112766","reference_id":"2112766","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7715","reference_id":"RHSA-2022:7715","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7715"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4767","reference_id":"RHSA-2023:4767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4767"},{"reference_url":"https://usn.ubuntu.com/5548-1/","reference_id":"USN-5548-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5548-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2016-3709"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nuh8-qd25-ykan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19293?format=json","vulnerability_id":"VCID-pdv9-xrh8-d3fz","summary":"Use After Free\nThis advisory has been marked as False Positive and removed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45322.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45322.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45322","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21457","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21497","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.2135","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21348","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21326","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21232","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.213","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21387","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21364","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21384","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.229","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22843","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22857","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22851","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22789","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22864","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22916","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22937","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22953","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22997","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45322"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/344","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/344"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/583","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/583"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/06/5","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/06/5"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629","reference_id":"1053629","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242945","reference_id":"2242945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242945"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45322","reference_id":"CVE-2023-45322","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45322"},{"reference_url":"https://security.gentoo.org/glsa/202402-11","reference_id":"GLSA-202402-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2023-45322"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdv9-xrh8-d3fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71953?format=json","vulnerability_id":"VCID-qh44-gavt-rbdw","summary":"libxml: use-after-free in xmlXIncludeAddNode","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49043.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49043.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-49043","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44636","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44513","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44583","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44598","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44535","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44564","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44821","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44761","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44813","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44816","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44832","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44803","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44857","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4485","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44785","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44698","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44706","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44627","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-49043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238","reference_id":"1094238","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238"},{"reference_url":"https://github.com/php/php-src/issues/17467","reference_id":"17467","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-27T14:52:22Z/"}],"url":"https://github.com/php/php-src/issues/17467"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342118","reference_id":"2342118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2342118"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b","reference_id":"5a19e21605398cef6a8b1452477a8705cb41562b","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-27T14:52:22Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1350","reference_id":"RHSA-2025:1350","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1350"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1487","reference_id":"RHSA-2025:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1516","reference_id":"RHSA-2025:1516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1517","reference_id":"RHSA-2025:1517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1925","reference_id":"RHSA-2025:1925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:1925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2507","reference_id":"RHSA-2025:2507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2678","reference_id":"RHSA-2025:2678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:2678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3775","reference_id":"RHSA-2025:3775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4409","reference_id":"RHSA-2025:4409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4422","reference_id":"RHSA-2025:4422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4677","reference_id":"RHSA-2025:4677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7702","reference_id":"RHSA-2025:7702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7702"},{"reference_url":"https://usn.ubuntu.com/7240-1/","reference_id":"USN-7240-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7240-1/"},{"reference_url":"https://usn.ubuntu.com/7302-1/","reference_id":"USN-7302-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7302-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2022-49043"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qh44-gavt-rbdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70212?format=json","vulnerability_id":"VCID-qp6y-dt1j-97df","summary":"libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32415","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21953","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21753","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21599","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21682","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21657","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2168","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.22006","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21771","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21848","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21904","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21915","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21874","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21817","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2182","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21826","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2179","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21642","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21637","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2153","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22877","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-32415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511","reference_id":"1103511","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2360768","reference_id":"2360768","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2360768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13203","reference_id":"RHSA-2025:13203","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13203"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13428","reference_id":"RHSA-2025:13428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13429","reference_id":"RHSA-2025:13429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13622","reference_id":"RHSA-2025:13622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13677","reference_id":"RHSA-2025:13677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13681","reference_id":"RHSA-2025:13681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13683","reference_id":"RHSA-2025:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13684","reference_id":"RHSA-2025:13684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13688","reference_id":"RHSA-2025:13688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13689","reference_id":"RHSA-2025:13689","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13689"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13788","reference_id":"RHSA-2025:13788","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13788"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13789","reference_id":"RHSA-2025:13789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13806","reference_id":"RHSA-2025:13806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14059","reference_id":"RHSA-2025:14059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14186","reference_id":"RHSA-2025:14186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14644","reference_id":"RHSA-2025:14644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14818","reference_id":"RHSA-2025:14818","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14818"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14819","reference_id":"RHSA-2025:14819","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14819"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14853","reference_id":"RHSA-2025:14853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14858","reference_id":"RHSA-2025:14858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15308","reference_id":"RHSA-2025:15308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15672","reference_id":"RHSA-2025:15672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16159","reference_id":"RHSA-2025:16159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22529","reference_id":"RHSA-2025:22529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7519","reference_id":"RHSA-2026:7519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7519"},{"reference_url":"https://usn.ubuntu.com/7467-1/","reference_id":"USN-7467-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7467-1/"},{"reference_url":"https://usn.ubuntu.com/7467-2/","reference_id":"USN-7467-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7467-2/"},{"reference_url":"https://usn.ubuntu.com/7896-1/","reference_id":"USN-7896-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7896-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050284?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5"}],"aliases":["CVE-2025-32415"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qp6y-dt1j-97df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17357?format=json","vulnerability_id":"VCID-qpnt-xvgv-s3cq","summary":"This advisory has been invalidated.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28484","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48192","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48181","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48199","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48244","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48249","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48186","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48197","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49181","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.4915","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49179","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.4913","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49184","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49199","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56165","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.5615","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56104","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56153","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56216","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59936","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.6","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/491","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/491"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html"},{"reference_url":"https://nokogiri.org/CHANGELOG.html#1143-2023-04-11","reference_id":"","reference_type":"","scores":[],"url":"https://nokogiri.org/CHANGELOG.html#1143-2023-04-11"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436","reference_id":"1034436","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185994","reference_id":"2185994","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185994"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28484","reference_id":"CVE-2023-28484","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28484"},{"reference_url":"https://security.gentoo.org/glsa/202402-11","reference_id":"GLSA-202402-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-11"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230601-0006/","reference_id":"ntap-20230601-0006","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230601-0006/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240201-0005/","reference_id":"ntap-20240201-0005","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240201-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4349","reference_id":"RHSA-2023:4349","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4349"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4529","reference_id":"RHSA-2023:4529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0413","reference_id":"RHSA-2024:0413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0413"},{"reference_url":"https://usn.ubuntu.com/6028-1/","reference_id":"USN-6028-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6028-1/"},{"reference_url":"https://usn.ubuntu.com/6028-2/","reference_id":"USN-6028-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6028-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2023-28484"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpnt-xvgv-s3cq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7551?format=json","vulnerability_id":"VCID-qtp3-a1g7-8kgw","summary":"Improper Restriction of XML External Entity Reference\nlibxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9318","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.30847","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31068","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31036","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31055","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31023","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31004","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32901","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32735","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32866","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32722","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32769","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35124","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35029","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35052","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35224","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35145","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35095","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36488","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3896","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38972","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9318"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395609","reference_id":"1395609","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395609"},{"reference_url":"https://github.com/lsh123/xmlsec/issues/43","reference_id":"43","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/"}],"url":"https://github.com/lsh123/xmlsec/issues/43"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581","reference_id":"844581","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581"},{"reference_url":"http://www.securityfocus.com/bid/94347","reference_id":"94347","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/"}],"url":"http://www.securityfocus.com/bid/94347"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9318","reference_id":"CVE-2016-9318","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9318"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=772726","reference_id":"show_bug.cgi?id=772726","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/"}],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=772726"},{"reference_url":"https://usn.ubuntu.com/3739-2/","reference_id":"USN-3739-2","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/"}],"url":"https://usn.ubuntu.com/3739-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2016-9318"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtp3-a1g7-8kgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33329?format=json","vulnerability_id":"VCID-qv3r-ppuc-zycz","summary":"libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation\nxmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.\nThe Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7595","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64774","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6476","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64846","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64802","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64755","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6475","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64712","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6474","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64751","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64734","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.6472","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64672","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64777","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.64747","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64992","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65014","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65071","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65326","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65401","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65375","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7595"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1992","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1992"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7595","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7595"},{"reference_url":"https://security.gentoo.org/glsa/202010-04","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://security.gentoo.org/glsa/202010-04"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200702-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0005/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200702-0005/"},{"reference_url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"},{"reference_url":"https://usn.ubuntu.com/4274-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4274-1"},{"reference_url":"https://usn.ubuntu.com/4274-1/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://usn.ubuntu.com/4274-1/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1799786","reference_id":"1799786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1799786"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/","reference_id":"545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","reference_id":"5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582","reference_id":"949582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582"},{"reference_url":"https://security.archlinux.org/ASA-202011-15","reference_id":"ASA-202011-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-15"},{"reference_url":"https://security.archlinux.org/AVG-1263","reference_id":"AVG-1263","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1263"},{"reference_url":"https://github.com/advisories/GHSA-7553-jr98-vx47","reference_id":"GHSA-7553-jr98-vx47","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7553-jr98-vx47"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","reference_id":"JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3996","reference_id":"RHSA-2020:3996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4479","reference_id":"RHSA-2020:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2020-7595","GHSA-7553-jr98-vx47"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qv3r-ppuc-zycz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10893?format=json","vulnerability_id":"VCID-rsvx-3f49-v3an","summary":"Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)\nA flaw was found in libxml2. By exploiting an exponential entity expansion attack its possible bypassing all existing protection mechanisms and lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3541","reference_id":"","reference_type":"","scores":[{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18918","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18821","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18692","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18723","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19054","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.19106","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18828","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18907","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18962","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18921","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.1887","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18822","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18834","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18849","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18738","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18717","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18672","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18545","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18629","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0006","scoring_system":"epss","scoring_elements":"0.18729","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3541"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950515","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210805-0007/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603","reference_id":"988603","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603"},{"reference_url":"https://security.archlinux.org/AVG-1883","reference_id":"AVG-1883","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1883"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3541","reference_id":"CVE-2021-3541","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3541"},{"reference_url":"https://security.gentoo.org/glsa/202107-05","reference_id":"GLSA-202107-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2569","reference_id":"RHSA-2021:2569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1389","reference_id":"RHSA-2022:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1390","reference_id":"RHSA-2022:1390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1390"},{"reference_url":"https://usn.ubuntu.com/4991-1/","reference_id":"USN-4991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2021-3541"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rsvx-3f49-v3an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14289?format=json","vulnerability_id":"VCID-s9r4-a3uz-4yhp","summary":"Integer Overflow or Wraparound\nIn libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29824","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22385","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22238","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22318","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22286","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22303","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22407","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22489","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22543","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22562","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22521","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22466","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22478","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22427","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22274","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22261","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22256","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22154","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2302","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxslt/-/tags","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxslt/-/tags"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526","reference_id":"1010526","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082158","reference_id":"2082158","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082158"},{"reference_url":"https://security.archlinux.org/AVG-2726","reference_id":"AVG-2726","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2726"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29824","reference_id":"CVE-2022-29824","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29824"},{"reference_url":"https://security.gentoo.org/glsa/202210-03","reference_id":"GLSA-202210-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5250","reference_id":"RHSA-2022:5250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5317","reference_id":"RHSA-2022:5317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5422-1/","reference_id":"USN-5422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2022-29824"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9r4-a3uz-4yhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9765?format=json","vulnerability_id":"VCID-t53m-6vvr-27cf","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nlibxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14567","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71451","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71459","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71476","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71449","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71489","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71501","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71524","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.7149","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71536","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71541","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.7152","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71571","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71578","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71583","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71569","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71604","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71638","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71605","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71635","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71691","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1619875","reference_id":"1619875","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1619875"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14567","reference_id":"CVE-2018-14567","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2018-14567"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t53m-6vvr-27cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57378?format=json","vulnerability_id":"VCID-udew-3gre-13hy","summary":"Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40303","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39332","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39746","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39261","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39238","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39329","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39316","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39249","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39375","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39471","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.3965","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39734","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39762","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39712","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39729","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39755","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39741","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39687","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39768","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"},{"reference_url":"https://nokogiri.org/CHANGELOG.html#1139-2022-10-18","reference_id":"","reference_type":"","scores":[],"url":"https://nokogiri.org/CHANGELOG.html#1139-2022-10-18"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224","reference_id":"1022224","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/21","reference_id":"21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/21"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136266","reference_id":"2136266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136266"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/24","reference_id":"24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/24"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/25","reference_id":"25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/25"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/26","reference_id":"26","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/26"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/27","reference_id":"27","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/27"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40303","reference_id":"CVE-2022-40303","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40303"},{"reference_url":"https://security.gentoo.org/glsa/202210-39","reference_id":"GLSA-202210-39","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-39"},{"reference_url":"https://support.apple.com/kb/HT213531","reference_id":"HT213531","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://support.apple.com/kb/HT213531"},{"reference_url":"https://support.apple.com/kb/HT213533","reference_id":"HT213533","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://support.apple.com/kb/HT213533"},{"reference_url":"https://support.apple.com/kb/HT213534","reference_id":"HT213534","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://support.apple.com/kb/HT213534"},{"reference_url":"https://support.apple.com/kb/HT213535","reference_id":"HT213535","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://support.apple.com/kb/HT213535"},{"reference_url":"https://support.apple.com/kb/HT213536","reference_id":"HT213536","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://support.apple.com/kb/HT213536"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221209-0003/","reference_id":"ntap-20221209-0003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221209-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0173","reference_id":"RHSA-2023:0173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0338","reference_id":"RHSA-2023:0338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0413","reference_id":"RHSA-2024:0413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0413"},{"reference_url":"https://usn.ubuntu.com/5760-1/","reference_id":"USN-5760-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5760-1/"},{"reference_url":"https://usn.ubuntu.com/5760-2/","reference_id":"USN-5760-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5760-2/"},{"reference_url":"https://usn.ubuntu.com/7659-1/","reference_id":"USN-7659-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7659-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2022-40303"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-udew-3gre-13hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81686?format=json","vulnerability_id":"VCID-ugyh-dycm-3bc3","summary":"libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19956","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3601","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36102","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3614","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36133","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36115","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36231","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36204","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35675","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35654","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35583","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35697","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35785","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.35817","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36048","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43168","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43231","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788856","reference_id":"1788856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788856"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549","reference_id":"5a02583c7e683896d84878bd90641d8d9b0d0549","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","reference_id":"5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19956","reference_id":"CVE-2019-19956","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19956"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","reference_id":"JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html","reference_id":"msg00032.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200114-0002/","reference_id":"ntap-20200114-0002","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200114-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3996","reference_id":"RHSA-2020:3996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4479","reference_id":"RHSA-2020:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2019-19956"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugyh-dycm-3bc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44705?format=json","vulnerability_id":"VCID-vf7b-s3y3-sfhw","summary":"Multiple vulnerabilities have been found in libxml2, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3537","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29141","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29059","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29039","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29115","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29101","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.2904","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29186","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29251","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29365","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29478","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29524","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29551","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29532","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29584","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33927","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34266","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34299","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36309","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36337","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3626","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3537"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956522","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/"},{"reference_url":"https://nokogiri.org/CHANGELOG.html#1114-2021-05-14","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nokogiri.org/CHANGELOG.html#1114-2021-05-14"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3537","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3537"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210625-0002","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210625-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210625-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210625-0002/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123","reference_id":"988123","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123"},{"reference_url":"https://security.archlinux.org/AVG-1883","reference_id":"AVG-1883","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1883"},{"reference_url":"https://github.com/advisories/GHSA-286v-pcf5-25rc","reference_id":"GHSA-286v-pcf5-25rc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-286v-pcf5-25rc"},{"reference_url":"https://security.gentoo.org/glsa/202107-05","reference_id":"GLSA-202107-05","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202107-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2569","reference_id":"RHSA-2021:2569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1389","reference_id":"RHSA-2022:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1390","reference_id":"RHSA-2022:1390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1390"},{"reference_url":"https://usn.ubuntu.com/4991-1/","reference_id":"USN-4991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2021-3537","GHSA-286v-pcf5-25rc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vf7b-s3y3-sfhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8947?format=json","vulnerability_id":"VCID-wc4g-sxyq-ubcd","summary":"Allocation of Resources Without Limits or Throttling\nThe xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18258","reference_id":"","reference_type":"","scores":[{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.69739","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.71675","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.71641","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.71606","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00678","scoring_system":"epss","scoring_elements":"0.7162","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73914","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73824","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73833","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73863","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73898","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.7388","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73872","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73922","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73949","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73958","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00898","scoring_system":"epss","scoring_elements":"0.75837","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00898","scoring_system":"epss","scoring_elements":"0.75784","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18258"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0001","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190719-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190719-0001/"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/3739-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3739-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566749","reference_id":"1566749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566749"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245","reference_id":"895245","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245"},{"reference_url":"https://security.archlinux.org/AVG-671","reference_id":"AVG-671","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-671"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18258","reference_id":"CVE-2017-18258","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18258"},{"reference_url":"https://github.com/advisories/GHSA-882p-jqgm-f45g","reference_id":"GHSA-882p-jqgm-f45g","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-882p-jqgm-f45g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2017-18258","GHSA-882p-jqgm-f45g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4g-sxyq-ubcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17375?format=json","vulnerability_id":"VCID-x9ej-7dcq-tub2","summary":"Double Free\nAn issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29469","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2209","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22061","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2214","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21991","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22046","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2202","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2196","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21959","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21955","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21912","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21766","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.21753","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28175","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.2825","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28088","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.2815","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29618","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35925","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.35858","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/510","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/510"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html"},{"reference_url":"https://nokogiri.org/CHANGELOG.html#1143-2023-04-11","reference_id":"","reference_type":"","scores":[],"url":"https://nokogiri.org/CHANGELOG.html#1143-2023-04-11"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437","reference_id":"1034437","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185984","reference_id":"2185984","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185984"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29469","reference_id":"CVE-2023-29469","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29469"},{"reference_url":"https://security.gentoo.org/glsa/202402-11","reference_id":"GLSA-202402-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-11"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230601-0006/","reference_id":"ntap-20230601-0006","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230601-0006/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4349","reference_id":"RHSA-2023:4349","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4349"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4529","reference_id":"RHSA-2023:4529","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0413","reference_id":"RHSA-2024:0413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0413"},{"reference_url":"https://usn.ubuntu.com/6028-1/","reference_id":"USN-6028-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6028-1/"},{"reference_url":"https://usn.ubuntu.com/6028-2/","reference_id":"USN-6028-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6028-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2023-29469"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9ej-7dcq-tub2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44701?format=json","vulnerability_id":"VCID-xps8-1a3r-wke6","summary":"Multiple vulnerabilities have been found in libxml2, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3516","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56988","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56995","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56934","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56985","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57545","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57651","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57629","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58327","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58306","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58316","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58345","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58347","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.5836","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58363","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58339","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.583","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58313","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58298","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58263","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00381","scoring_system":"epss","scoring_elements":"0.5964","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/230","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/230"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954225","reference_id":"1954225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1954225"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739","reference_id":"987739","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739"},{"reference_url":"https://security.archlinux.org/AVG-1883","reference_id":"AVG-1883","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1883"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3516","reference_id":"CVE-2021-3516","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3516"},{"reference_url":"https://security.gentoo.org/glsa/202107-05","reference_id":"GLSA-202107-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2569","reference_id":"RHSA-2021:2569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2569"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1389","reference_id":"RHSA-2022:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1390","reference_id":"RHSA-2022:1390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1390"},{"reference_url":"https://usn.ubuntu.com/4991-1/","reference_id":"USN-4991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2021-3516"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xps8-1a3r-wke6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61905?format=json","vulnerability_id":"VCID-3whx-6t3e-7beq","summary":"Multiple vulnerabilities have been found in libxml2, the worst of\n    which could result in the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5969.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5969","reference_id":"","reference_type":"","scores":[{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86361","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86426","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86461","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86471","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86468","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86489","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86509","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86528","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86372","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86389","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86391","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.8641","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.8642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86434","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86432","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86443","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86448","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02935","scoring_system":"epss","scoring_elements":"0.86442","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03505","scoring_system":"epss","scoring_elements":"0.87698","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03505","scoring_system":"epss","scoring_elements":"0.87711","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03505","scoring_system":"epss","scoring_elements":"0.87743","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5969"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=778519","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=778519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"},{"reference_url":"https://security.gentoo.org/glsa/201711-01","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201711-01"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/11/05/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/11/05/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/02/13/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/02/13/1"},{"reference_url":"http://www.securityfocus.com/bid/96188","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96188"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1421996","reference_id":"1421996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1421996"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001","reference_id":"855001","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5969","reference_id":"CVE-2017-5969","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5969"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-5969"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3whx-6t3e-7beq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8801?format=json","vulnerability_id":"VCID-4hws-gtxr-3bge","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nBuffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7376.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7376","reference_id":"","reference_type":"","scores":[{"value":"0.38332","scoring_system":"epss","scoring_elements":"0.97279","published_at":"2026-05-14T12:55:00Z"},{"value":"0.38332","scoring_system":"epss","scoring_elements":"0.97267","published_at":"2026-05-11T12:55:00Z"},{"value":"0.38332","scoring_system":"epss","scoring_elements":"0.97272","published_at":"2026-05-12T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97216","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97222","published_at":"2026-04-04T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97223","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97233","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97234","published_at":"2026-04-09T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97237","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97238","published_at":"2026-04-12T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97239","published_at":"2026-04-13T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97247","published_at":"2026-04-16T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97249","published_at":"2026-04-18T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97251","published_at":"2026-04-21T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97252","published_at":"2026-04-26T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97254","published_at":"2026-04-29T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.9726","published_at":"2026-05-05T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97264","published_at":"2026-05-07T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97268","published_at":"2026-05-09T12:55:00Z"},{"value":"0.38432","scoring_system":"epss","scoring_elements":"0.97211","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462216","reference_id":"1462216","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462216"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865","reference_id":"870865","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7376","reference_id":"CVE-2017-7376","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7376"},{"reference_url":"https://usn.ubuntu.com/3424-1/","reference_id":"USN-3424-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-1/"},{"reference_url":"https://usn.ubuntu.com/3424-2/","reference_id":"USN-3424-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035584?format=json","purl":"pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-2b1g-gp84-87e8"},{"vulnerability":"VCID-2j62-5rjn-vyeu"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-33n1-125n-63h6"},{"vulnerability":"VCID-3d1e-enaq-q3cx"},{"vulnerability":"VCID-3s4n-twju-b3dw"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-51f2-w9b7-9fb4"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-69ff-ngna-mkbv"},{"vulnerability":"VCID-6h9f-6pmg-3fh3"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-7h3p-7ej2-17f1"},{"vulnerability":"VCID-7rzw-9jj5-4ybk"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-9p2f-ynzb-r3gj"},{"vulnerability":"VCID-9q49-2srz-rkg7"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ah8e-sxuu-jqcw"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-b5tz-9s1v-pkg7"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bk98-bfkg-7bdt"},{"vulnerability":"VCID-bp8r-8jjt-hygw"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-cgfv-pps6-6khd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-e9c3-5gws-u3fp"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ecde-c15q-ukh1"},{"vulnerability":"VCID-eebz-xjem-cygz"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-ghaf-ynsg-uuea"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-gxsm-qvkt-gygy"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-ked7-5tjg-nudx"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-netm-9gxh-3yh4"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-r7q9-7u4b-83cz"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s3j9-1zq5-zkf5"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-t9pa-yw9s-kqb9"},{"vulnerability":"VCID-tazr-2qgq-77fy"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-tyk2-gq2c-bbcn"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vcq9-93xd-nfbe"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-wj66-7n6c-9kam"},{"vulnerability":"VCID-wtxh-xxp2-d3hr"},{"vulnerability":"VCID-wy5v-dsp3-a7aa"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1036961?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-7376"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hws-gtxr-3bge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8761?format=json","vulnerability_id":"VCID-57yv-ay7b-v7ev","summary":"Out-of-bounds Write\nAn integer overflow in xmlmemory.c in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5130.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5130.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5130","reference_id":"","reference_type":"","scores":[{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78816","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78576","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78583","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78614","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78621","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78628","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78652","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78634","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78627","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78655","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78653","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.7865","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78705","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78726","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78749","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78764","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78761","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78777","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01181","scoring_system":"epss","scoring_elements":"0.78805","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01181","scoring_system":"epss","scoring_elements":"0.78812","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5130"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/101482","reference_id":"101482","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/"}],"url":"http://www.securityfocus.com/bid/101482"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503537","reference_id":"1503537","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503537"},{"reference_url":"https://crbug.com/722079","reference_id":"722079","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/"}],"url":"https://crbug.com/722079"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880000","reference_id":"880000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880000"},{"reference_url":"https://security.archlinux.org/ASA-201710-27","reference_id":"ASA-201710-27","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-27"},{"reference_url":"https://security.archlinux.org/AVG-456","reference_id":"AVG-456","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-456"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5130","reference_id":"CVE-2017-5130","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5130"},{"reference_url":"https://security.gentoo.org/glsa/201710-24","reference_id":"GLSA-201710-24","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/"}],"url":"https://security.gentoo.org/glsa/201710-24"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed","reference_id":"?id=897dffbae322b46b83f99a607d527058a72c51ed","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/"}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2997","reference_id":"RHSA-2017:2997","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:2997"},{"reference_url":"http://bugzilla.gnome.org/show_bug.cgi?id=783026","reference_id":"show_bug.cgi?id=783026","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/"}],"url":"http://bugzilla.gnome.org/show_bug.cgi?id=783026"},{"reference_url":"https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html","reference_id":"stable-channel-update-for-desktop.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/"}],"url":"https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-5130"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57yv-ay7b-v7ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8804?format=json","vulnerability_id":"VCID-8tej-h12t-2fag","summary":"Improper Restriction of XML External Entity Reference\nA flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7375","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48692","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48777","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48826","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48817","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48829","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48869","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48873","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48823","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48815","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48841","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48824","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48827","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48818","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48773","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48754","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.48782","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.6347","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.6339","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00443","scoring_system":"epss","scoring_elements":"0.63416","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462203","reference_id":"1462203","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462203"},{"reference_url":"https://source.android.com/security/bulletin/2017-06-01","reference_id":"2017-06-01","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/"}],"url":"https://source.android.com/security/bulletin/2017-06-01"},{"reference_url":"https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa","reference_id":"308396a55280f69ad4112d4f9892f4cbeff042aa","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/"}],"url":"https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867","reference_id":"870867","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867"},{"reference_url":"http://www.securityfocus.com/bid/98877","reference_id":"98877","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/"}],"url":"http://www.securityfocus.com/bid/98877"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7375","reference_id":"CVE-2017-7375","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7375"},{"reference_url":"https://www.debian.org/security/2017/dsa-3952","reference_id":"dsa-3952","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/"}],"url":"https://www.debian.org/security/2017/dsa-3952"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e","reference_id":"?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/"}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e"},{"reference_url":"https://usn.ubuntu.com/3424-1/","reference_id":"USN-3424-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-1/"},{"reference_url":"https://usn.ubuntu.com/3424-2/","reference_id":"USN-3424-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035584?format=json","purl":"pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-2b1g-gp84-87e8"},{"vulnerability":"VCID-2j62-5rjn-vyeu"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-33n1-125n-63h6"},{"vulnerability":"VCID-3d1e-enaq-q3cx"},{"vulnerability":"VCID-3s4n-twju-b3dw"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-51f2-w9b7-9fb4"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-69ff-ngna-mkbv"},{"vulnerability":"VCID-6h9f-6pmg-3fh3"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-7h3p-7ej2-17f1"},{"vulnerability":"VCID-7rzw-9jj5-4ybk"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-9p2f-ynzb-r3gj"},{"vulnerability":"VCID-9q49-2srz-rkg7"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ah8e-sxuu-jqcw"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-b5tz-9s1v-pkg7"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bk98-bfkg-7bdt"},{"vulnerability":"VCID-bp8r-8jjt-hygw"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-cgfv-pps6-6khd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-e9c3-5gws-u3fp"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ecde-c15q-ukh1"},{"vulnerability":"VCID-eebz-xjem-cygz"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-ghaf-ynsg-uuea"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-gxsm-qvkt-gygy"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-ked7-5tjg-nudx"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-netm-9gxh-3yh4"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-r7q9-7u4b-83cz"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s3j9-1zq5-zkf5"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-t9pa-yw9s-kqb9"},{"vulnerability":"VCID-tazr-2qgq-77fy"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-tyk2-gq2c-bbcn"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vcq9-93xd-nfbe"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-wj66-7n6c-9kam"},{"vulnerability":"VCID-wtxh-xxp2-d3hr"},{"vulnerability":"VCID-wy5v-dsp3-a7aa"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1036961?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-7375"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8tej-h12t-2fag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8545?format=json","vulnerability_id":"VCID-gvmn-4dtv-8qcj","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nparser.c in libxml2 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16931.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16931.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16931","reference_id":"","reference_type":"","scores":[{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81135","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81036","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81059","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.8108","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81076","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81094","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.81973","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.81996","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.82004","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.82023","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.82012","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.82006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.82042","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.82043","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.82066","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.82078","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.82082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.81939","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.8195","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0165","scoring_system":"epss","scoring_elements":"0.81969","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16931"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=766956","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=766956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"http://xmlsoft.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://xmlsoft.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517307","reference_id":"1517307","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517307"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16931","reference_id":"CVE-2017-16931","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16931"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-16931"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvmn-4dtv-8qcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7928?format=json","vulnerability_id":"VCID-mm88-amve-quh6","summary":"Out-of-bounds Read\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (buffer over-read) or information disclosure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8872.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8872.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8872","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.393","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3947","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39461","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39485","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39399","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39454","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39481","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39442","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39425","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39477","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39449","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39363","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46183","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46125","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46026","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.4609","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46108","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46048","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46077","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46149","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46175","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8872"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=775200","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:59:00Z/"}],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=775200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:59:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1449541","reference_id":"1449541","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1449541"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862450","reference_id":"862450","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862450"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8872","reference_id":"CVE-2017-8872","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-8872"},{"reference_url":"https://usn.ubuntu.com/4991-1/","reference_id":"USN-4991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-8872"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mm88-amve-quh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7950?format=json","vulnerability_id":"VCID-qqte-z1e6-xuh7","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nA buffer overflow was discovered in libxml2 . The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9047","reference_id":"","reference_type":"","scores":[{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85939","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85836","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85837","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85854","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85876","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85893","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85892","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85905","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85779","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85793","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.8579","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85787","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85805","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85803","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0266","scoring_system":"epss","scoring_elements":"0.85826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02891","scoring_system":"epss","scoring_elements":"0.86278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02891","scoring_system":"epss","scoring_elements":"0.86261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02891","scoring_system":"epss","scoring_elements":"0.86279","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02891","scoring_system":"epss","scoring_elements":"0.86298","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03032","scoring_system":"epss","scoring_elements":"0.86594","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452554","reference_id":"1452554","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452554"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022","reference_id":"863022","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9047","reference_id":"CVE-2017-9047","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9047"},{"reference_url":"https://usn.ubuntu.com/3424-1/","reference_id":"USN-3424-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-1/"},{"reference_url":"https://usn.ubuntu.com/3424-2/","reference_id":"USN-3424-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035584?format=json","purl":"pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-2b1g-gp84-87e8"},{"vulnerability":"VCID-2j62-5rjn-vyeu"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-33n1-125n-63h6"},{"vulnerability":"VCID-3d1e-enaq-q3cx"},{"vulnerability":"VCID-3s4n-twju-b3dw"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-51f2-w9b7-9fb4"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-69ff-ngna-mkbv"},{"vulnerability":"VCID-6h9f-6pmg-3fh3"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-7h3p-7ej2-17f1"},{"vulnerability":"VCID-7rzw-9jj5-4ybk"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-9p2f-ynzb-r3gj"},{"vulnerability":"VCID-9q49-2srz-rkg7"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ah8e-sxuu-jqcw"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-b5tz-9s1v-pkg7"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bk98-bfkg-7bdt"},{"vulnerability":"VCID-bp8r-8jjt-hygw"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-cgfv-pps6-6khd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-e9c3-5gws-u3fp"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ecde-c15q-ukh1"},{"vulnerability":"VCID-eebz-xjem-cygz"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-ghaf-ynsg-uuea"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-gxsm-qvkt-gygy"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-ked7-5tjg-nudx"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-netm-9gxh-3yh4"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-r7q9-7u4b-83cz"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s3j9-1zq5-zkf5"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-t9pa-yw9s-kqb9"},{"vulnerability":"VCID-tazr-2qgq-77fy"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-tyk2-gq2c-bbcn"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vcq9-93xd-nfbe"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-wj66-7n6c-9kam"},{"vulnerability":"VCID-wtxh-xxp2-d3hr"},{"vulnerability":"VCID-wy5v-dsp3-a7aa"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1036961?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-9047"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqte-z1e6-xuh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61904?format=json","vulnerability_id":"VCID-qxwq-xwaw-nyak","summary":"Multiple vulnerabilities have been found in libxml2, the worst of\n    which could result in the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0663","reference_id":"","reference_type":"","scores":[{"value":"0.00893","scoring_system":"epss","scoring_elements":"0.75767","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00893","scoring_system":"epss","scoring_elements":"0.75697","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00893","scoring_system":"epss","scoring_elements":"0.75713","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77399","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77405","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77436","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77445","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77471","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77451","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77448","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77488","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77486","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77479","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77513","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.7752","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77535","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77541","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77569","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77592","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01042","scoring_system":"epss","scoring_elements":"0.77393","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-0663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462225","reference_id":"1462225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462225"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870","reference_id":"870870","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870"},{"reference_url":"https://usn.ubuntu.com/3424-1/","reference_id":"USN-3424-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-1/"},{"reference_url":"https://usn.ubuntu.com/3424-2/","reference_id":"USN-3424-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035584?format=json","purl":"pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-2b1g-gp84-87e8"},{"vulnerability":"VCID-2j62-5rjn-vyeu"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-33n1-125n-63h6"},{"vulnerability":"VCID-3d1e-enaq-q3cx"},{"vulnerability":"VCID-3s4n-twju-b3dw"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-51f2-w9b7-9fb4"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-69ff-ngna-mkbv"},{"vulnerability":"VCID-6h9f-6pmg-3fh3"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-7h3p-7ej2-17f1"},{"vulnerability":"VCID-7rzw-9jj5-4ybk"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-9p2f-ynzb-r3gj"},{"vulnerability":"VCID-9q49-2srz-rkg7"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ah8e-sxuu-jqcw"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-b5tz-9s1v-pkg7"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bk98-bfkg-7bdt"},{"vulnerability":"VCID-bp8r-8jjt-hygw"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-cgfv-pps6-6khd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-e9c3-5gws-u3fp"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ecde-c15q-ukh1"},{"vulnerability":"VCID-eebz-xjem-cygz"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-ghaf-ynsg-uuea"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-gxsm-qvkt-gygy"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-ked7-5tjg-nudx"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-netm-9gxh-3yh4"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-r7q9-7u4b-83cz"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s3j9-1zq5-zkf5"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-t9pa-yw9s-kqb9"},{"vulnerability":"VCID-tazr-2qgq-77fy"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-tyk2-gq2c-bbcn"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vcq9-93xd-nfbe"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-wj66-7n6c-9kam"},{"vulnerability":"VCID-wtxh-xxp2-d3hr"},{"vulnerability":"VCID-wy5v-dsp3-a7aa"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1036961?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-0663"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxwq-xwaw-nyak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7949?format=json","vulnerability_id":"VCID-rhgj-t5cp-wkbh","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nlibxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9048","reference_id":"","reference_type":"","scores":[{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.6967","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69492","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69513","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69498","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69484","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69523","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69532","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69512","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69564","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69571","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69576","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.6955","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69592","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69626","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69597","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00601","scoring_system":"epss","scoring_elements":"0.69622","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.69911","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.69903","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.69951","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.69898","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.69926","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452549","reference_id":"1452549","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452549"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021","reference_id":"863021","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021"},{"reference_url":"http://www.securityfocus.com/bid/98556","reference_id":"98556","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T11:40:41Z/"}],"url":"http://www.securityfocus.com/bid/98556"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9048","reference_id":"CVE-2017-9048","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9048"},{"reference_url":"https://usn.ubuntu.com/3424-1/","reference_id":"USN-3424-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-1/"},{"reference_url":"https://usn.ubuntu.com/3424-2/","reference_id":"USN-3424-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035584?format=json","purl":"pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-2b1g-gp84-87e8"},{"vulnerability":"VCID-2j62-5rjn-vyeu"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-33n1-125n-63h6"},{"vulnerability":"VCID-3d1e-enaq-q3cx"},{"vulnerability":"VCID-3s4n-twju-b3dw"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-51f2-w9b7-9fb4"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-69ff-ngna-mkbv"},{"vulnerability":"VCID-6h9f-6pmg-3fh3"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-7h3p-7ej2-17f1"},{"vulnerability":"VCID-7rzw-9jj5-4ybk"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-9p2f-ynzb-r3gj"},{"vulnerability":"VCID-9q49-2srz-rkg7"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ah8e-sxuu-jqcw"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-b5tz-9s1v-pkg7"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bk98-bfkg-7bdt"},{"vulnerability":"VCID-bp8r-8jjt-hygw"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-cgfv-pps6-6khd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-e9c3-5gws-u3fp"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ecde-c15q-ukh1"},{"vulnerability":"VCID-eebz-xjem-cygz"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-ghaf-ynsg-uuea"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-gxsm-qvkt-gygy"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-ked7-5tjg-nudx"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-netm-9gxh-3yh4"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-r7q9-7u4b-83cz"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s3j9-1zq5-zkf5"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-t9pa-yw9s-kqb9"},{"vulnerability":"VCID-tazr-2qgq-77fy"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-tyk2-gq2c-bbcn"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vcq9-93xd-nfbe"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-wj66-7n6c-9kam"},{"vulnerability":"VCID-wtxh-xxp2-d3hr"},{"vulnerability":"VCID-wy5v-dsp3-a7aa"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1036961?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-9048"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhgj-t5cp-wkbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14289?format=json","vulnerability_id":"VCID-s9r4-a3uz-4yhp","summary":"Integer Overflow or Wraparound\nIn libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29824","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22385","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22238","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22318","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22286","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22303","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22407","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22489","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22543","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22562","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22521","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22466","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22478","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22427","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22274","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22261","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22256","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22154","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2302","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxslt/-/tags","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxslt/-/tags"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526","reference_id":"1010526","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082158","reference_id":"2082158","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2082158"},{"reference_url":"https://security.archlinux.org/AVG-2726","reference_id":"AVG-2726","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2726"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29824","reference_id":"CVE-2022-29824","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29824"},{"reference_url":"https://security.gentoo.org/glsa/202210-03","reference_id":"GLSA-202210-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5250","reference_id":"RHSA-2022:5250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5317","reference_id":"RHSA-2022:5317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5422-1/","reference_id":"USN-5422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1050248?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4"}],"aliases":["CVE-2022-29824"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9r4-a3uz-4yhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9793?format=json","vulnerability_id":"VCID-tn87-vke6-kuf6","summary":"Use After Free\nUse after free in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3401","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0287","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0287"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15412","reference_id":"","reference_type":"","scores":[{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83191","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83187","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83223","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83224","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83227","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83258","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.8325","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83149","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83174","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83181","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01891","scoring_system":"epss","scoring_elements":"0.83197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01943","scoring_system":"epss","scoring_elements":"0.83398","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01943","scoring_system":"epss","scoring_elements":"0.8337","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01943","scoring_system":"epss","scoring_elements":"0.83383","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84511","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84527","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84466","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84485","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0248","scoring_system":"epss","scoring_elements":"0.85393","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02535","scoring_system":"epss","scoring_elements":"0.85611","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02535","scoring_system":"epss","scoring_elements":"0.85574","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15412"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=783160","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=783160"},{"reference_url":"https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"},{"reference_url":"https://crbug.com/727039","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://crbug.com/727039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1714","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1714"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html"},{"reference_url":"https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348"},{"reference_url":"https://www.debian.org/security/2018/dsa-4086","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4086"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523128","reference_id":"1523128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523128"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790","reference_id":"883790","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790"},{"reference_url":"https://security.archlinux.org/ASA-201712-5","reference_id":"ASA-201712-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-5"},{"reference_url":"https://security.archlinux.org/AVG-544","reference_id":"AVG-544","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-544"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15412","reference_id":"CVE-2017-15412","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15412"},{"reference_url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html","reference_id":"CVE-2017-15412.HTML","reference_type":"","scores":[],"url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html"},{"reference_url":"https://github.com/advisories/GHSA-r58r-74gx-6wx3","reference_id":"GHSA-r58r-74gx-6wx3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r58r-74gx-6wx3"},{"reference_url":"https://security.gentoo.org/glsa/201801-03","reference_id":"GLSA-201801-03","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201801-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"},{"reference_url":"https://usn.ubuntu.com/3513-1/","reference_id":"USN-3513-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3513-1/"},{"reference_url":"https://usn.ubuntu.com/3513-2/","reference_id":"USN-3513-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3513-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035584?format=json","purl":"pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-2b1g-gp84-87e8"},{"vulnerability":"VCID-2j62-5rjn-vyeu"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-33n1-125n-63h6"},{"vulnerability":"VCID-3d1e-enaq-q3cx"},{"vulnerability":"VCID-3s4n-twju-b3dw"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-51f2-w9b7-9fb4"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-69ff-ngna-mkbv"},{"vulnerability":"VCID-6h9f-6pmg-3fh3"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-7h3p-7ej2-17f1"},{"vulnerability":"VCID-7rzw-9jj5-4ybk"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-9p2f-ynzb-r3gj"},{"vulnerability":"VCID-9q49-2srz-rkg7"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ah8e-sxuu-jqcw"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-b5tz-9s1v-pkg7"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bk98-bfkg-7bdt"},{"vulnerability":"VCID-bp8r-8jjt-hygw"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-cgfv-pps6-6khd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-e9c3-5gws-u3fp"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ecde-c15q-ukh1"},{"vulnerability":"VCID-eebz-xjem-cygz"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-ghaf-ynsg-uuea"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-gxsm-qvkt-gygy"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-ked7-5tjg-nudx"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-netm-9gxh-3yh4"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-r7q9-7u4b-83cz"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s3j9-1zq5-zkf5"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-t9pa-yw9s-kqb9"},{"vulnerability":"VCID-tazr-2qgq-77fy"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-tyk2-gq2c-bbcn"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vcq9-93xd-nfbe"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-wj66-7n6c-9kam"},{"vulnerability":"VCID-wtxh-xxp2-d3hr"},{"vulnerability":"VCID-wy5v-dsp3-a7aa"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1036961?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-15412","GHSA-r58r-74gx-6wx3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tn87-vke6-kuf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7951?format=json","vulnerability_id":"VCID-ymhr-ads4-qqdp","summary":"Out-of-bounds Read\nlibxml2 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9049.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9049.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9049","reference_id":"","reference_type":"","scores":[{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63902","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64156","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64016","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64028","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64014","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63985","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.6402","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64032","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64039","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64052","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64049","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64018","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64063","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64109","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64076","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64102","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63961","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63989","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63948","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63999","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452556","reference_id":"1452556","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452556"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863019","reference_id":"863019","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863019"},{"reference_url":"http://www.securityfocus.com/bid/98601","reference_id":"98601","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:20:28Z/"}],"url":"http://www.securityfocus.com/bid/98601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9049","reference_id":"CVE-2017-9049","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9049"},{"reference_url":"https://usn.ubuntu.com/3424-1/","reference_id":"USN-3424-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-1/"},{"reference_url":"https://usn.ubuntu.com/3424-2/","reference_id":"USN-3424-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035584?format=json","purl":"pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-2b1g-gp84-87e8"},{"vulnerability":"VCID-2j62-5rjn-vyeu"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-33n1-125n-63h6"},{"vulnerability":"VCID-3d1e-enaq-q3cx"},{"vulnerability":"VCID-3s4n-twju-b3dw"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-51f2-w9b7-9fb4"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-69ff-ngna-mkbv"},{"vulnerability":"VCID-6h9f-6pmg-3fh3"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-7h3p-7ej2-17f1"},{"vulnerability":"VCID-7rzw-9jj5-4ybk"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-9p2f-ynzb-r3gj"},{"vulnerability":"VCID-9q49-2srz-rkg7"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ah8e-sxuu-jqcw"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-b5tz-9s1v-pkg7"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bk98-bfkg-7bdt"},{"vulnerability":"VCID-bp8r-8jjt-hygw"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-cgfv-pps6-6khd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-e9c3-5gws-u3fp"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ecde-c15q-ukh1"},{"vulnerability":"VCID-eebz-xjem-cygz"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-ghaf-ynsg-uuea"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-gxsm-qvkt-gygy"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-ked7-5tjg-nudx"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-netm-9gxh-3yh4"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-r7q9-7u4b-83cz"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s3j9-1zq5-zkf5"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-t9pa-yw9s-kqb9"},{"vulnerability":"VCID-tazr-2qgq-77fy"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-tyk2-gq2c-bbcn"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vcq9-93xd-nfbe"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-wj66-7n6c-9kam"},{"vulnerability":"VCID-wtxh-xxp2-d3hr"},{"vulnerability":"VCID-wy5v-dsp3-a7aa"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1036961?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-9049"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymhr-ads4-qqdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7953?format=json","vulnerability_id":"VCID-zm21-2pqq-3ker","summary":"Out-of-bounds Read\nlibxml2 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9050.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9050.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9050","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54543","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54476","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.5445","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54491","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54435","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54392","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54442","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54479","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54468","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54489","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54506","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54494","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.545","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54448","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54378","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54457","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54463","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54447","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54487","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.5451","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54507","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9050"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1673","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1673"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://security.gentoo.org/glsa/201711-01","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/"}],"url":"https://security.gentoo.org/glsa/201711-01"},{"reference_url":"http://www.debian.org/security/2017/dsa-3952","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/"}],"url":"http://www.debian.org/security/2017/dsa-3952"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/05/15/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/"}],"url":"http://www.openwall.com/lists/oss-security/2017/05/15/1"},{"reference_url":"http://www.securityfocus.com/bid/98568","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/"}],"url":"http://www.securityfocus.com/bid/98568"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452553","reference_id":"1452553","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452553"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863018","reference_id":"863018","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863018"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9050","reference_id":"CVE-2017-9050","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9050"},{"reference_url":"https://github.com/advisories/GHSA-8c56-cpmw-89x7","reference_id":"GHSA-8c56-cpmw-89x7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c56-cpmw-89x7"},{"reference_url":"https://usn.ubuntu.com/3424-1/","reference_id":"USN-3424-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-1/"},{"reference_url":"https://usn.ubuntu.com/3424-2/","reference_id":"USN-3424-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3424-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035584?format=json","purl":"pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-2b1g-gp84-87e8"},{"vulnerability":"VCID-2j62-5rjn-vyeu"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-33n1-125n-63h6"},{"vulnerability":"VCID-3d1e-enaq-q3cx"},{"vulnerability":"VCID-3s4n-twju-b3dw"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-51f2-w9b7-9fb4"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-69ff-ngna-mkbv"},{"vulnerability":"VCID-6h9f-6pmg-3fh3"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-7h3p-7ej2-17f1"},{"vulnerability":"VCID-7rzw-9jj5-4ybk"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-9p2f-ynzb-r3gj"},{"vulnerability":"VCID-9q49-2srz-rkg7"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ah8e-sxuu-jqcw"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-b5tz-9s1v-pkg7"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bk98-bfkg-7bdt"},{"vulnerability":"VCID-bp8r-8jjt-hygw"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-cgfv-pps6-6khd"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-e9c3-5gws-u3fp"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ecde-c15q-ukh1"},{"vulnerability":"VCID-eebz-xjem-cygz"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-ghaf-ynsg-uuea"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-gxsm-qvkt-gygy"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-ked7-5tjg-nudx"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-netm-9gxh-3yh4"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-r7q9-7u4b-83cz"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s3j9-1zq5-zkf5"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-t9pa-yw9s-kqb9"},{"vulnerability":"VCID-tazr-2qgq-77fy"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-tyk2-gq2c-bbcn"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vcq9-93xd-nfbe"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-wj66-7n6c-9kam"},{"vulnerability":"VCID-wtxh-xxp2-d3hr"},{"vulnerability":"VCID-wy5v-dsp3-a7aa"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6"},{"url":"http://public2.vulnerablecode.io/api/packages/1036961?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-3whx-6t3e-7beq"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4hws-gtxr-3bge"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-57yv-ay7b-v7ev"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-8tej-h12t-2fag"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-gvmn-4dtv-8qcj"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-mm88-amve-quh6"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qqte-z1e6-xuh7"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-qxwq-xwaw-nyak"},{"vulnerability":"VCID-rhgj-t5cp-wkbh"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-tn87-vke6-kuf6"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"},{"vulnerability":"VCID-ymhr-ads4-qqdp"},{"vulnerability":"VCID-zm21-2pqq-3ker"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1038282?format=json","purl":"pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27jd-t23h-73f4"},{"vulnerability":"VCID-31w8-13b6-8beh"},{"vulnerability":"VCID-464a-typa-7qbu"},{"vulnerability":"VCID-4m3j-qy8c-4uhk"},{"vulnerability":"VCID-74y5-vcxn-2ygr"},{"vulnerability":"VCID-782a-uast-nbch"},{"vulnerability":"VCID-7bpp-2hvk-2udv"},{"vulnerability":"VCID-8d2w-3c3p-zqaz"},{"vulnerability":"VCID-9hqf-12yh-bkc8"},{"vulnerability":"VCID-aasn-u7fd-8bhy"},{"vulnerability":"VCID-ahha-vnq4-7qd2"},{"vulnerability":"VCID-azzy-m5pc-qudn"},{"vulnerability":"VCID-bejh-22y7-kuh6"},{"vulnerability":"VCID-bz1e-1ypb-kkgg"},{"vulnerability":"VCID-c9ds-faa9-t7be"},{"vulnerability":"VCID-cbm2-cez4-bqgh"},{"vulnerability":"VCID-d68t-f8j1-h3am"},{"vulnerability":"VCID-drkd-yykc-ayge"},{"vulnerability":"VCID-eb6k-ppfd-m7a3"},{"vulnerability":"VCID-ek5d-m9pn-3fec"},{"vulnerability":"VCID-hafa-bcpu-8uaj"},{"vulnerability":"VCID-nuh8-qd25-ykan"},{"vulnerability":"VCID-pdv9-xrh8-d3fz"},{"vulnerability":"VCID-qh44-gavt-rbdw"},{"vulnerability":"VCID-qp6y-dt1j-97df"},{"vulnerability":"VCID-qpnt-xvgv-s3cq"},{"vulnerability":"VCID-qtp3-a1g7-8kgw"},{"vulnerability":"VCID-qv3r-ppuc-zycz"},{"vulnerability":"VCID-rsvx-3f49-v3an"},{"vulnerability":"VCID-s9r4-a3uz-4yhp"},{"vulnerability":"VCID-t53m-6vvr-27cf"},{"vulnerability":"VCID-udew-3gre-13hy"},{"vulnerability":"VCID-ugyh-dycm-3bc3"},{"vulnerability":"VCID-vf7b-s3y3-sfhw"},{"vulnerability":"VCID-wc4g-sxyq-ubcd"},{"vulnerability":"VCID-x9ej-7dcq-tub2"},{"vulnerability":"VCID-xps8-1a3r-wke6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}],"aliases":["CVE-2017-9050","GHSA-8c56-cpmw-89x7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zm21-2pqq-3ker"}],"risk_score":"4.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4"}