{"url":"http://public2.vulnerablecode.io/api/packages/159689?format=json","purl":"pkg:gem/nokogiri@1.6.3.rc2","type":"gem","namespace":"","name":"nokogiri","version":"1.6.3.rc2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.19.3","latest_non_vulnerable_version":"1.19.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37942?format=json","vulnerability_id":"VCID-124d-zrmb-xue8","summary":"Multiple vulnerabilities in libxml2, libxslt\nThe vendored libxml2 and libxslt libraries have multiple vulnerabilities: CVE-2015-1819 CVE-2015-7941_1 CVE-2015-7941_2 CVE-2015-7942 CVE-2015-7942-2 CVE-2015-8035 CVE-2015-7995","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22"},{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1663--2015-11-16","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1663--2015-11-16"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/ac6106f1e641d50b27752c52b355e01d03ae8829","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/commit/ac6106f1e641d50b27752c52b355e01d03ae8829"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/ee52b7be5b47e1029af98f6b7eb6df7fc5ffd359","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/commit/ee52b7be5b47e1029af98f6b7eb6df7fc5ffd359"},{"reference_url":"https://groups.google.com/forum/#!topic/nokogiri-talk/gEpHWo2xLCE","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/nokogiri-talk/gEpHWo2xLCE"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52401?format=json","purl":"pkg:gem/nokogiri@1.6.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-ba5w-ed8b-duar"},{"vulnerability":"VCID-by7n-zrpn-jubw"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-efx2-bpu9-z7a4"},{"vulnerability":"VCID-egft-crba-6ubx"},{"vulnerability":"VCID-fn1n-adz5-5fcy"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/52351?format=json","purl":"pkg:gem/nokogiri@1.6.7.rc4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-by7n-zrpn-jubw"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-efx2-bpu9-z7a4"},{"vulnerability":"VCID-egft-crba-6ubx"},{"vulnerability":"VCID-fn1n-adz5-5fcy"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4"}],"aliases":["GMS-2015-42"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-124d-zrmb-xue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53460?format=json","vulnerability_id":"VCID-1sh8-bsk3-auct","summary":"libxml2 has a global Buffer Overflow vulnerability in `xmlEncodeEntitiesInternal` at `libxml2/entities.c`.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24977","reference_id":"","reference_type":"","scores":[{"value":"0.00697","scoring_system":"epss","scoring_elements":"0.72316","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24977"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/178","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/178"},{"reference_url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/"},{"reference_url":"https://security.gentoo.org/glsa/202107-05","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-05"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200924-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200924-0001/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1877788","reference_id":"1877788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1877788"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529","reference_id":"969529","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529"},{"reference_url":"https://security.archlinux.org/ASA-202011-15","reference_id":"ASA-202011-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-15"},{"reference_url":"https://security.archlinux.org/AVG-1263","reference_id":"AVG-1263","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1263"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24977","reference_id":"CVE-2020-24977","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1597","reference_id":"RHSA-2021:1597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1597"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58355?format=json","purl":"pkg:gem/nokogiri@1.11.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4"}],"aliases":["CVE-2020-24977"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sh8-bsk3-auct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51504?format=json","vulnerability_id":"VCID-2r85-egs8-4be3","summary":"Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability\n### Description\n\nIn Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by `Nokogiri::XML::Schema`\nare **trusted** by default, allowing external resources to be accessed over the\nnetwork, potentially enabling XXE or SSRF attacks.\n\nThis behavior is counter to\nthe security policy followed by Nokogiri maintainers, which is to treat all input\nas **untrusted** by default whenever possible.\n\nPlease note that this security\nfix was pushed into a new minor version, 1.11.x, rather than a patch release to\nthe 1.10.x branch, because it is a breaking change for some schemas and the risk\nwas assessed to be \"Low Severity\".\n\n### Affected Versions\n\nNokogiri `<= 1.10.10` as well as prereleases `1.11.0.rc1`, `1.11.0.rc2`, and `1.11.0.rc3`\n\n### Mitigation\n\nThere are no known workarounds for affected versions. Upgrade to Nokogiri\n`1.11.0.rc4` or later.\n\nIf, after upgrading to `1.11.0.rc4` or later, you wish\nto re-enable network access for resolution of external resources (i.e., return to\nthe previous behavior):\n\n1. Ensure the input is trusted. Do not enable this option\nfor untrusted input.\n2. When invoking the `Nokogiri::XML::Schema` constructor,\npass as the second parameter an instance of `Nokogiri::XML::ParseOptions` with the\n`NONET` flag turned off.\n\nSo if your previous code was:\n\n``` ruby\n# in v1.11.0.rc3 and earlier, this call allows resources to be accessed over the network\n# but in v1.11.0.rc4 and later, this call will disallow network access for external resources\nschema = Nokogiri::XML::Schema.new(schema)\n\n# in v1.11.0.rc4 and later, the following is equivalent to the code above\n# (the second parameter is optional, and this demonstrates its default value)\nschema = Nokogiri::XML::Schema.new(schema, Nokogiri::XML::ParseOptions::DEFAULT_SCHEMA)\n```\n\nThen you can add the second parameter to indicate that the input is trusted by changing it to:\n\n``` ruby\n# in v1.11.0.rc3 and earlier, this would raise an ArgumentError\n# but in v1.11.0.rc4 and later, this allows resources to be accessed over the network\nschema = Nokogiri::XML::Schema.new(trusted_schema, Nokogiri::XML::ParseOptions.new.nononet)\n```","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26247","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49512","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26247"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m"},{"reference_url":"https://hackerone.com/reports/747489","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/747489"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"},{"reference_url":"https://rubygems.org/gems/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubygems.org/gems/nokogiri"},{"reference_url":"https://security.gentoo.org/glsa/202208-29","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-29"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912487","reference_id":"1912487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912487"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967","reference_id":"978967","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26247","reference_id":"CVE-2020-26247","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5191","reference_id":"RHSA-2021:5191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5191"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79427?format=json","purl":"pkg:gem/nokogiri@1.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.0"}],"aliases":["CVE-2020-26247","GHSA-vr8q-g5c7-m54m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2r85-egs8-4be3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41140?format=json","vulnerability_id":"VCID-5xuf-r7bj-33fa","summary":"Improper Input Validation\nIn `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13117","reference_id":"","reference_type":"","scores":[{"value":"0.04376","scoring_system":"epss","scoring_elements":"0.89156","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13117"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1943","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1943"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ"},{"reference_url":"https://oss-fuzz.com/testcase-detail/5631739747106816","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oss-fuzz.com/testcase-detail/5631739747106816"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190806-0004","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190806-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200122-0003","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200122-0003"},{"reference_url":"https://usn.ubuntu.com/4164-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4164-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/11/17/2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/11/17/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728546","reference_id":"1728546","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728546"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321","reference_id":"931321","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13117","reference_id":"CVE-2019-13117","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13117"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58267?format=json","purl":"pkg:gem/nokogiri@1.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5"}],"aliases":["CVE-2019-13117","GHSA-4hm9-844j-jmxp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xuf-r7bj-33fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4780?format=json","vulnerability_id":"VCID-9m3t-anwb-4fbx","summary":"arbitrary code execution","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4658","reference_id":"","reference_type":"","scores":[{"value":"0.15391","scoring_system":"epss","scoring_elements":"0.94767","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1615","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1615"},{"reference_url":"https://security.gentoo.org/glsa/201701-37","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-37"},{"reference_url":"https://support.apple.com/HT207141","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT207141"},{"reference_url":"https://support.apple.com/HT207142","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT207142"},{"reference_url":"https://support.apple.com/HT207143","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT207143"},{"reference_url":"https://support.apple.com/HT207170","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT207170"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1384424","reference_id":"1384424","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1384424"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553","reference_id":"840553","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553"},{"reference_url":"https://security.archlinux.org/ASA-201611-2","reference_id":"ASA-201611-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-2"},{"reference_url":"https://security.archlinux.org/AVG-56","reference_id":"AVG-56","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-56"},{"reference_url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html","reference_id":"CVE-2016-4448.HTML","reference_type":"","scores":[],"url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4658","reference_id":"CVE-2016-4658","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4658"},{"reference_url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html","reference_id":"CVE-2016-4658.HTML","reference_type":"","scores":[],"url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html"},{"reference_url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html","reference_id":"CVE-2016-5131.HTML","reference_type":"","scores":[],"url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3810","reference_id":"RHSA-2021:3810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3810"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52887?format=json","purl":"pkg:gem/nokogiri@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.1"}],"aliases":["CVE-2016-4658","GHSA-fr52-4hqw-p27f"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9m3t-anwb-4fbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40102?format=json","vulnerability_id":"VCID-akrb-6bu8-nqfq","summary":"NULL Pointer Dereference\nA NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1543","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1543"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14404","reference_id":"","reference_type":"","scores":[{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95589","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14404"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595985","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595985"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1785","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1785"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/issues/10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/issues/10"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190719-0002"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/3739-2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14404","reference_id":"CVE-2018-14404","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14404"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml","reference_id":"CVE-2018-14404.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml"},{"reference_url":"https://github.com/advisories/GHSA-6qvp-r6r3-9p7h","reference_id":"GHSA-6qvp-r6r3-9p7h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6qvp-r6r3-9p7h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1827","reference_id":"RHSA-2020:1827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1827"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57344?format=json","purl":"pkg:gem/nokogiri@1.8.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.5"}],"aliases":["CVE-2018-14404","GHSA-6qvp-r6r3-9p7h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akrb-6bu8-nqfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4595?format=json","vulnerability_id":"VCID-b8q3-sd61-rqhf","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5029","reference_id":"","reference_type":"","scores":[{"value":"0.01232","scoring_system":"epss","scoring_elements":"0.79516","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5029"},{"reference_url":"https://crbug.com/676623","reference_id":"","reference_type":"","scores":[],"url":"https://crbug.com/676623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046"},{"reference_url":"https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5"},{"reference_url":"https://github.com/advisories/GHSA-pf6m-fxpq-fg8v","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf6m-fxpq-fg8v"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1634","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1634"},{"reference_url":"https://ubuntu.com/security/CVE-2017-5029","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/security/CVE-2017-5029"},{"reference_url":"https://ubuntu.com/security/notices/USN-3271-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/security/notices/USN-3271-1"},{"reference_url":"http://www.securityfocus.com/bid/96767","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96767"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1431033","reference_id":"1431033","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1431033"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546","reference_id":"858546","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546"},{"reference_url":"https://security.archlinux.org/ASA-201703-4","reference_id":"ASA-201703-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-4"},{"reference_url":"https://security.archlinux.org/ASA-201703-5","reference_id":"ASA-201703-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-5"},{"reference_url":"https://security.archlinux.org/AVG-195","reference_id":"AVG-195","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-195"},{"reference_url":"https://security.archlinux.org/AVG-196","reference_id":"AVG-196","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-196"},{"reference_url":"https://security.archlinux.org/AVG-197","reference_id":"AVG-197","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-197"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5029","reference_id":"CVE-2017-5029","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5029"},{"reference_url":"https://security.gentoo.org/glsa/201804-01","reference_id":"GLSA-201804-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0499","reference_id":"RHSA-2017:0499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0499"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52887?format=json","purl":"pkg:gem/nokogiri@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/143915?format=json","purl":"pkg:gem/nokogiri@1.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.2"}],"aliases":["CVE-2017-5029","GHSA-pf6m-fxpq-fg8v"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8q3-sd61-rqhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37947?format=json","vulnerability_id":"VCID-ba5w-ed8b-duar","summary":"Unsafe parsing of unclosed comments\nParsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22"},{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1664--2015-11-19","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1664--2015-11-19"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/0948e9fa38c949661983a33752fdcb94a453e272","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/commit/0948e9fa38c949661983a33752fdcb94a453e272"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/3ab1b2339f7bb3a00590c8d288a24a9dbfe5aec4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/commit/3ab1b2339f7bb3a00590c8d288a24a9dbfe5aec4"},{"reference_url":"https://groups.google.com/forum/#!topic/nokogiri-talk/nFl0mfcJpbk","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/nokogiri-talk/nFl0mfcJpbk"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52350?format=json","purl":"pkg:gem/nokogiri@1.6.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-by7n-zrpn-jubw"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-efx2-bpu9-z7a4"},{"vulnerability":"VCID-egft-crba-6ubx"},{"vulnerability":"VCID-fn1n-adz5-5fcy"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52351?format=json","purl":"pkg:gem/nokogiri@1.6.7.rc4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-by7n-zrpn-jubw"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-efx2-bpu9-z7a4"},{"vulnerability":"VCID-egft-crba-6ubx"},{"vulnerability":"VCID-fn1n-adz5-5fcy"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4"}],"aliases":["GMS-2015-43"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ba5w-ed8b-duar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37976?format=json","vulnerability_id":"VCID-by7n-zrpn-jubw","summary":"Vulnerabilities in libxml2\nThe vendored version of libxml2 is affected by multiple vulnerabilities.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5"},{"reference_url":"https://github.com/sparklemotion/nokogiri/pull/1378","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/pull/1378"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5312","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5312"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7497","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7497"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7498","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7498"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7499","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7499"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7500","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7500"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8241","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8241"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8242","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8242"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8317","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8317"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52454?format=json","purl":"pkg:gem/nokogiri@1.6.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-egft-crba-6ubx"},{"vulnerability":"VCID-fn1n-adz5-5fcy"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.1"}],"aliases":["GMS-2015-52"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-by7n-zrpn-jubw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37897?format=json","vulnerability_id":"VCID-cgmw-k7dg-gbdw","summary":"Vulnerabilities in libxml2 and libxslt\nSeveral vulnerabilities were discovered in the libxml2 and libxslt libraries that this package gem depends on.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1419.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1419.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2550.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2550.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1819","reference_id":"","reference_type":"","scores":[{"value":"0.02045","scoring_system":"epss","scoring_elements":"0.8417","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1374","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1374"},{"reference_url":"https://github.com/sparklemotion/nokogiri/pull/1376","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/pull/1376"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1819","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1819"},{"reference_url":"https://security.gentoo.org/glsa/201507-08","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201507-08"},{"reference_url":"https://security.gentoo.org/glsa/201701-37","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-37"},{"reference_url":"https://support.apple.com/HT206166","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT206166"},{"reference_url":"https://support.apple.com/HT206167","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT206167"},{"reference_url":"https://support.apple.com/HT206168","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT206168"},{"reference_url":"https://support.apple.com/HT206169","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT206169"},{"reference_url":"http://www.debian.org/security/2015/dsa-3430","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3430"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2812-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2812-1"},{"reference_url":"http://xmlsoft.org/news.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://xmlsoft.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1211278","reference_id":"1211278","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1211278"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782","reference_id":"782782","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1419","reference_id":"RHSA-2015:1419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2550","reference_id":"RHSA-2015:2550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2550"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52350?format=json","purl":"pkg:gem/nokogiri@1.6.6.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-by7n-zrpn-jubw"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-efx2-bpu9-z7a4"},{"vulnerability":"VCID-egft-crba-6ubx"},{"vulnerability":"VCID-fn1n-adz5-5fcy"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52351?format=json","purl":"pkg:gem/nokogiri@1.6.7.rc4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-by7n-zrpn-jubw"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-efx2-bpu9-z7a4"},{"vulnerability":"VCID-egft-crba-6ubx"},{"vulnerability":"VCID-fn1n-adz5-5fcy"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4"}],"aliases":["CVE-2015-1819","GHSA-q7wx-62r7-j2x7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cgmw-k7dg-gbdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51499?format=json","vulnerability_id":"VCID-chdv-jk6d-uuga","summary":"Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171\n## Summary\n\nNokogiri v1.18.3 upgrades its dependency libxml2 to\n[v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).\n\nlibxml2 v2.13.6 addresses:\n\n- CVE-2025-24928\n  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847\n- CVE-2024-56171\n   - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828\n\n## Impact\n\n### CVE-2025-24928\n\nStack-buffer overflow is possible when reporting DTD validation\nerrors if the input contains a long (~3kb) QName prefix.\n\n### CVE-2024-56171\n\nUse-after-free is possible during validation against untrusted\nXML Schemas (.xsd) and, potentially, validation of untrusted documents\nagainst trusted Schemas if they make use of `xsd:keyref` in combination\nwith recursively defined types that have additional identity constraints.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m"},{"reference_url":"https://github.com/advisories/GHSA-vvfq-8hwr-qm4m","reference_id":"GHSA-vvfq-8hwr-qm4m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vvfq-8hwr-qm4m"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml","reference_id":"GHSA-vvfq-8hwr-qm4m.yml","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84149?format=json","purl":"pkg:gem/nokogiri@1.18.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.3"}],"aliases":["GHSA-vvfq-8hwr-qm4m"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chdv-jk6d-uuga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50194?format=json","vulnerability_id":"VCID-d13x-y75t-2ugx","summary":"Nokogiri does not check the return value from xmlC14NExecute\nNokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.\n\nJRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/advisories/GHSA-wx95-c6cv-8532","reference_id":"GHSA-wx95-c6cv-8532","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wx95-c6cv-8532"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532","reference_id":"GHSA-wx95-c6cv-8532","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74105?format=json","purl":"pkg:gem/nokogiri@1.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d13x-y75t-2ugx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.19.1"}],"aliases":["GHSA-wx95-c6cv-8532"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d13x-y75t-2ugx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37978?format=json","vulnerability_id":"VCID-efx2-bpu9-z7a4","summary":"Vulnerabilities in libxml2\nSeveral vulnerabilities were discovered in the libxml2 library that this package gem depends on.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=145382616617563&w=2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=145382616617563&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2549.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2549.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2550.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2550.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5312","reference_id":"","reference_type":"","scores":[{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.7816","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5312"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1276693","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1276693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5"},{"reference_url":"https://github.com/sparklemotion/nokogiri/pull/1378","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/pull/1378"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"},{"reference_url":"https://security.gentoo.org/glsa/201701-37","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-37"},{"reference_url":"https://support.apple.com/HT206166","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT206166"},{"reference_url":"https://support.apple.com/HT206167","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT206167"},{"reference_url":"https://support.apple.com/HT206168","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT206168"},{"reference_url":"https://support.apple.com/HT206169","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT206169"},{"reference_url":"http://www.debian.org/security/2015/dsa-3430","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3430"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"http://www.ubuntu.com/usn/USN-2834-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2834-1"},{"reference_url":"http://xmlsoft.org/news.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://xmlsoft.org/news.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5312","reference_id":"CVE-2015-5312","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5312"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2549","reference_id":"RHSA-2015:2549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2550","reference_id":"RHSA-2015:2550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1089","reference_id":"RHSA-2016:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1089"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52454?format=json","purl":"pkg:gem/nokogiri@1.6.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-egft-crba-6ubx"},{"vulnerability":"VCID-fn1n-adz5-5fcy"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.1"}],"aliases":["CVE-2015-5312","GHSA-xjqg-9jvg-fgx2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efx2-bpu9-z7a4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38085?format=json","vulnerability_id":"VCID-egft-crba-6ubx","summary":"Uncontrolled Resource Consumption\ndict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the \"<!DOCTYPE html\" substring in a crafted HTML document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8806","reference_id":"","reference_type":"","scores":[{"value":"0.08565","scoring_system":"epss","scoring_elements":"0.92549","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8806"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=749115","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=749115"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1473","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1473"},{"reference_url":"https://mail.gnome.org/archives/xml/2016-May/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://mail.gnome.org/archives/xml/2016-May/msg00023.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-37","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-37"},{"reference_url":"https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071"},{"reference_url":"https://www.debian.org/security/2016/dsa-3593","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2016/dsa-3593"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/02/03/5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/02/03/5"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"reference_url":"http://www.ubuntu.com/usn/usn-2994-1/","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/usn-2994-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-2994-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2994-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1304636","reference_id":"1304636","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1304636"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613","reference_id":"813613","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8806","reference_id":"CVE-2015-8806","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8806"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52644?format=json","purl":"pkg:gem/nokogiri@1.6.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8"}],"aliases":["CVE-2015-8806","GHSA-7hp2-xwpj-95jq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egft-crba-6ubx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37972?format=json","vulnerability_id":"VCID-fn1n-adz5-5fcy","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nHeap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2549.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2549.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2550.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-2550.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7499","reference_id":"","reference_type":"","scores":[{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.7272","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7499"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1281925","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1281925"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"},{"reference_url":"https://github.com/advisories/GHSA-jxjr-5h69-qw3w","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jxjr-5h69-qw3w"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM"},{"reference_url":"https://security.gentoo.org/glsa/201701-37","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-37"},{"reference_url":"https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509"},{"reference_url":"https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243"},{"reference_url":"http://www.debian.org/security/2015/dsa-3430","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3430"},{"reference_url":"http://www.ubuntu.com/usn/USN-2834-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2834-1"},{"reference_url":"http://xmlsoft.org/news.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://xmlsoft.org/news.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7499","reference_id":"CVE-2015-7499","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2549","reference_id":"RHSA-2015:2549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2550","reference_id":"RHSA-2015:2550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1089","reference_id":"RHSA-2016:1089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1089"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52457?format=json","purl":"pkg:gem/nokogiri@1.6.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-egft-crba-6ubx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/160400?format=json","purl":"pkg:gem/nokogiri@1.6.8.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-9m3t-anwb-4fbx"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-b8q3-sd61-rqhf"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-egft-crba-6ubx"},{"vulnerability":"VCID-fn1n-adz5-5fcy"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gdgu-7d3a-uygr"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-m91c-mfu9-bbbh"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8.rc1"}],"aliases":["CVE-2015-7499","GHSA-jxjr-5h69-qw3w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fn1n-adz5-5fcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41139?format=json","vulnerability_id":"VCID-ft4s-195a-8fcf","summary":"Improper Input Validation\nIn `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13118","reference_id":"","reference_type":"","scores":[{"value":"0.01008","scoring_system":"epss","scoring_elements":"0.77408","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13118"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Aug/11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Aug/11"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Aug/13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Aug/13"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Aug/14","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Aug/14"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Aug/15","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Aug/15"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jul/22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Jul/22"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jul/23","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Jul/23"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jul/24","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Jul/24"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jul/26","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Jul/26"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jul/31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Jul/31"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jul/37","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Jul/37"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jul/38","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/Jul/38"},{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1943","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1943"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ"},{"reference_url":"https://oss-fuzz.com/testcase-detail/5197371471822848","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oss-fuzz.com/testcase-detail/5197371471822848"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/21","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/21"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/22","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/22"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/23","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/23"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/25","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Aug/25"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/35","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jul/35"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/36","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jul/36"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/37","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jul/37"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/40","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jul/40"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/41","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jul/41"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/42","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Jul/42"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190806-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190806-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200122-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200122-0003"},{"reference_url":"https://support.apple.com/kb/HT210346","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT210346"},{"reference_url":"https://support.apple.com/kb/HT210348","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT210348"},{"reference_url":"https://support.apple.com/kb/HT210351","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT210351"},{"reference_url":"https://support.apple.com/kb/HT210353","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT210353"},{"reference_url":"https://support.apple.com/kb/HT210356","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT210356"},{"reference_url":"https://support.apple.com/kb/HT210357","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT210357"},{"reference_url":"https://support.apple.com/kb/HT210358","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT210358"},{"reference_url":"https://usn.ubuntu.com/4164-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4164-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/11/17/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/11/17/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728541","reference_id":"1728541","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728541"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320","reference_id":"931320","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13118","reference_id":"CVE-2019-13118","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13118"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58267?format=json","purl":"pkg:gem/nokogiri@1.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5"}],"aliases":["CVE-2019-13118","GHSA-cf46-6xxh-pc75"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ft4s-195a-8fcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38853?format=json","vulnerability_id":"VCID-gdgu-7d3a-uygr","summary":"Vulnerabilities in libxml2\nThe version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. (CVE-2017-7375) It was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-7376) Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-9047) Marcel Böhme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service. (CVE-2017-9048) Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. (CVE-2017-9049, CVE-2017-9050)","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1673","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/issues/1673"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54117?format=json","purl":"pkg:gem/nokogiri@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.1"}],"aliases":["USN-3424-1"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdgu-7d3a-uygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39522?format=json","vulnerability_id":"VCID-gwrv-agck-yuex","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn the Loofah gem for Ruby, denylisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8048.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8048","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72159","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8048"},{"reference_url":"https://github.com/advisories/GHSA-x7rv-cr6v-4vm4","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7rv-cr6v-4vm4"},{"reference_url":"https://github.com/flavorjones/loofah","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/flavorjones/loofah"},{"reference_url":"https://github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116"},{"reference_url":"https://github.com/flavorjones/loofah/issues/144","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/flavorjones/loofah/issues/144"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/pull/1746","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/pull/1746"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191122-0003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20191122-0003"},{"reference_url":"https://www.debian.org/security/2018/dsa-4171","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4171"},{"reference_url":"http://www.openwall.com/lists/oss-security/2018/03/19/5","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2018/03/19/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1559071","reference_id":"1559071","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1559071"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596","reference_id":"893596","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8048","reference_id":"CVE-2018-8048","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8048"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55260?format=json","purl":"pkg:gem/nokogiri@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.3"}],"aliases":["CVE-2018-8048","GHSA-x7rv-cr6v-4vm4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwrv-agck-yuex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39554?format=json","vulnerability_id":"VCID-j98t-paam-97ec","summary":"Allocation of Resources Without Limits or Throttling\nThe xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18258","reference_id":"","reference_type":"","scores":[{"value":"0.00898","scoring_system":"epss","scoring_elements":"0.7602","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18258"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0001","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190719-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190719-0001/"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/3739-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3739-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566749","reference_id":"1566749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566749"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245","reference_id":"895245","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245"},{"reference_url":"https://security.archlinux.org/AVG-671","reference_id":"AVG-671","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-671"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18258","reference_id":"CVE-2017-18258","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18258"},{"reference_url":"https://github.com/advisories/GHSA-882p-jqgm-f45g","reference_id":"GHSA-882p-jqgm-f45g","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-882p-jqgm-f45g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55376?format=json","purl":"pkg:gem/nokogiri@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.2"}],"aliases":["CVE-2017-18258","GHSA-882p-jqgm-f45g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j98t-paam-97ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40906?format=json","vulnerability_id":"VCID-jvd7-7jes-4ffn","summary":"Bypass of a protection mechanism in libxslt\nThe libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11068","reference_id":"","reference_type":"","scores":[{"value":"0.01133","scoring_system":"epss","scoring_elements":"0.78684","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1892","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1892"},{"reference_url":"https://github.com/sparklemotion/nokogiri/pull/1898","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/pull/1898"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191017-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20191017-0001"},{"reference_url":"https://usn.ubuntu.com/3947-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3947-1"},{"reference_url":"https://usn.ubuntu.com/3947-2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3947-2"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/22/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/04/22/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/23/5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/04/23/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1709697","reference_id":"1709697","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1709697"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895","reference_id":"926895","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11068","reference_id":"CVE-2019-11068","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11068"},{"reference_url":"https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068","reference_id":"CVE-2019-11068","reference_type":"","scores":[],"url":"https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2019-11068","reference_id":"CVE-2019-11068","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2019-11068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4005","reference_id":"RHSA-2020:4005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4464","reference_id":"RHSA-2020:4464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4464"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75864?format=json","purl":"pkg:gem/nokogiri@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.3"},{"url":"http://public2.vulnerablecode.io/api/packages/57780?format=json","purl":"pkg:gem/nokogiri@1.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4"}],"aliases":["CVE-2019-11068","GHSA-qxcg-xjjg-66mj"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvd7-7jes-4ffn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51498?format=json","vulnerability_id":"VCID-jxz3-ug52-cuhn","summary":"libxml2 2.9.10 has an infinite loop in a certain end-of-file situation\nNokogiri has backported the patch for CVE-2020-7595 into its vendored version\nof libxml2, and released this as v1.10.8\n\nCVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and\nso Nokogiri versions <= v1.10.7 are vulnerable.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7595","reference_id":"","reference_type":"","scores":[{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65244","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7595"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1992","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1992"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"},{"reference_url":"https://security.gentoo.org/glsa/202010-04","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202010-04"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200702-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200702-0005/"},{"reference_url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"},{"reference_url":"https://usn.ubuntu.com/4274-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4274-1"},{"reference_url":"https://usn.ubuntu.com/4274-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4274-1/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1799786","reference_id":"1799786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1799786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582","reference_id":"949582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582"},{"reference_url":"https://security.archlinux.org/ASA-202011-15","reference_id":"ASA-202011-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-15"},{"reference_url":"https://security.archlinux.org/AVG-1263","reference_id":"AVG-1263","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1263"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7595","reference_id":"CVE-2020-7595","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3996","reference_id":"RHSA-2020:3996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4479","reference_id":"RHSA-2020:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76493?format=json","purl":"pkg:gem/nokogiri@1.10.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.8"}],"aliases":["CVE-2020-7595","GHSA-7553-jr98-vx47"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxz3-ug52-cuhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39177?format=json","vulnerability_id":"VCID-m91c-mfu9-bbbh","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nparser.c in libxml2 does not prevent infinite recursion in parameter entities.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16932","reference_id":"","reference_type":"","scores":[{"value":"0.21755","scoring_system":"epss","scoring_elements":"0.95849","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16932"},{"reference_url":"https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=759579","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=759579"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932"},{"reference_url":"https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1714","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1714"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/usn/usn-3504-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/usn/usn-3504-1/"},{"reference_url":"http://xmlsoft.org/news.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://xmlsoft.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517316","reference_id":"1517316","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517316"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613","reference_id":"882613","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16932","reference_id":"CVE-2017-16932","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16932"},{"reference_url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html","reference_id":"CVE-2017-16932.HTML","reference_type":"","scores":[],"url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54117?format=json","purl":"pkg:gem/nokogiri@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-j98t-paam-97ec"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-ueh5-fv4d-a7a8"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.1"}],"aliases":["CVE-2017-16932","GHSA-x2fm-93ww-ggvx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m91c-mfu9-bbbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46947?format=json","vulnerability_id":"VCID-p6m6-7kgc-y3g8","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/discussions/3146","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/discussions/3146"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/604","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/604"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25062","reference_id":"CVE-2024-25062","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25062"},{"reference_url":"https://github.com/advisories/GHSA-xc9x-jj77-9p9j","reference_id":"GHSA-xc9x-jj77-9p9j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xc9x-jj77-9p9j"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j","reference_id":"GHSA-xc9x-jj77-9p9j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml","reference_id":"GHSA-xc9x-jj77-9p9j.yml","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68770?format=json","purl":"pkg:gem/nokogiri@1.15.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.15.6"},{"url":"http://public2.vulnerablecode.io/api/packages/169016?format=json","purl":"pkg:gem/nokogiri@1.16.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/68769?format=json","purl":"pkg:gem/nokogiri@1.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.2"}],"aliases":["GHSA-xc9x-jj77-9p9j","GMS-2024-127"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6m6-7kgc-y3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51501?format=json","vulnerability_id":"VCID-pb6j-zdqw-g7cj","summary":"Nokogiri patches vendored libxml2 to resolve multiple CVEs\n## Summary\n\nNokogiri v1.18.9 patches the vendored libxml2 to address\nCVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795,\nand CVE-2025-49796.\n\n## Impact and severity\n\n### CVE-2025-6021\n\nA flaw was found in libxml2's xmlBuildQName function, where integer\noverflows in buffer size calculations can lead to a stack-based\nbuffer overflow. This issue can result in memory corruption or a\ndenial of service when processing crafted input.\n\nNVD claims a severity of 7.5 High\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae\n\n### CVE-2025-6170\n\nA flaw was found in the interactive shell of the xmllint command-line\ntool, used for parsing XML files. When a user inputs an overly long\ncommand, the program does not check the input size properly, which\ncan cause it to crash. This issue might allow attackers to run\nharmful code in rare configurations without modern protections.\n\nNVD claims a severity of 2.5 Low\n(CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/5e9ec5c1\n\n### CVE-2025-49794\n\nA use-after-free vulnerability was found in libxml2. This issue\noccurs when parsing XPath elements under certain circumstances when\nthe XML schematron has the <sch:name path=\"...\"/> schema elements.\nThis flaw allows a malicious actor to craft a malicious XML document\nused as input for libxml, resulting in the program's crash using\nlibxml or other possible undefined behaviors.\n\nNVD claims a severity of 9.1 Critical\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5\n\n### CVE-2025-49795\n\nA NULL pointer dereference vulnerability was found in libxml2 when\nprocessing XPath XML expressions. This flaw allows an attacker to\ncraft a malicious XML input to libxml2, leading to a denial of service.\n\nNVD claims a severity of 7.5 High\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/62048278\n\n### CVE-2025-49796\n\nA vulnerability was found in libxml2. Processing certain sch:name\nelements from the input XML file can trigger a memory corruption\nissue. This flaw allows an attacker to craft a malicious XML input\nfile that can lead libxml to crash, resulting in a denial of service\nor other possible undefined behavior due to sensitive data being\ncorrupted in memory.\n\nNVD claims a severity of 9.1 Critical\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5\n\n## Affected Versions\n\n- Nokogiri < 1.18.9 when using CRuby (MRI) with vendored libxml2\n\n## Patched Versions\n\n- Nokogiri >= 1.18.9\n\n## Mitigation\n\nUpgrade to Nokogiri v1.18.9 or later.\n\nUsers who are unable to upgrade Nokogiri may also choose a more\ncomplicated mitigation: compile and link Nokogiri against patched\nexternal libxml2 libraries which will also address these same issues.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/pull/3526","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/pull/3526"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49794","reference_id":"CVE-2025-49794","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49794"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49795","reference_id":"CVE-2025-49795","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49795"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49796","reference_id":"CVE-2025-49796","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49796"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6021","reference_id":"CVE-2025-6021","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6021"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6170","reference_id":"CVE-2025-6170","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6170"},{"reference_url":"https://github.com/advisories/GHSA-353f-x4gh-cqq8","reference_id":"GHSA-353f-x4gh-cqq8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-353f-x4gh-cqq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85837?format=json","purl":"pkg:gem/nokogiri@1.18.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d13x-y75t-2ugx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.9"}],"aliases":["GHSA-353f-x4gh-cqq8"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pb6j-zdqw-g7cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51492?format=json","vulnerability_id":"VCID-pr2j-1118-hqaa","summary":"Update bundled libxml2 to v2.10.3 to resolve multiple CVEs\n### Summary\n\nNokogiri v1.13.9 upgrades the packaged version of its dependency libxml2 to\n[v2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3) from\nv2.9.14.\n\nlibxml2 v2.10.3 addresses the following known vulnerabilities:\n\n- [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)\n- [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)\n- [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)\n\nPlease note that this advisory only applies to the CRuby implementation of\nNokogiri `< 1.13.9`, and only if the _packaged_ libraries are being used. If\nyou've overridden defaults at installation time to use _system_ libraries\ninstead of packaged libraries, you should instead pay attention to your\ndistro's `libxml2` release announcements.\n\n\n### Mitigation\n\nUpgrade to Nokogiri `>= 1.13.9`.\n\nUsers who are unable to upgrade Nokogiri may also choose a more complicated\nmitigation: compile and link Nokogiri against external libraries libxml2\n`>= 2.10.3` which will also address these same issues.\n\n\n### Impact\n\n#### libxml2 [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)\n\n- **CVSS3 score**: Under evaluation\n- **Type**: Denial of service\n- **Description**: NULL Pointer Dereference allows attackers to cause a denial\nof service (or application crash). This only applies when lxml is used\ntogether with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not\naffected. It allows triggering crashes through forged input data, given a\nvulnerable code sequence in the application. The vulnerability is caused by\nthe iterwalk function (also used by the canonicalize function). Such code\nshouldn't be in wide-spread use, given that parsing + iterwalk would usually\nbe replaced with the more efficient iterparse function. However, an XML\nconverter that serialises to C14N would also be vulnerable, for example, and\nthere are legitimate use cases for this code sequence. If untrusted input is\nreceived (also remotely) and processed via iterwalk function, a crash can be\ntriggered.\n\nNokogiri maintainers investigated at #2620 and determined this CVE does not\naffect Nokogiri users.\n\n\n#### libxml2 [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)\n\n- **CVSS3 score**: Unspecified upstream\n- **Type**: Data corruption, denial of service\n- **Description**: When an entity reference cycle is detected, the entity\ncontent is cleared by setting its first byte to zero. But the entity content\nmight be allocated from a dict. In this case, the dict entry becomes corrupted\nleading to all kinds of logic errors, including memory errors like\ndouble-frees.\n\nSee https://gitlab.gnome.org/GNOME/libxml2/-/commit/644a89e080bced793295f61f18aac8cfad6bece2\n\n\n#### libxml2 [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)\n\n- **CVSS3 score**: Unspecified upstream\n- **Type**: Integer overflow\n- **Description**: Integer overflows with XML_PARSE_HUGE\n\nSee https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145080?format=json","purl":"pkg:gem/nokogiri@1.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.9"}],"aliases":["GHSA-2qc6-mcvw-92cw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr2j-1118-hqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51496?format=json","vulnerability_id":"VCID-q3td-7t4g-57ba","summary":"Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459\n## Summary\n\nNokogiri v1.16.5 upgrades its dependency libxml2 to\n[2.12.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7) from 2.12.6.\n\nlibxml2 v2.12.7 addresses CVE-2024-34459:\n\n- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720\n- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53\n\n## Impact\n\nThere is no impact to Nokogiri users because the issue is present only\nin libxml2's `xmllint` tool which Nokogiri does not provide or expose.\n\n## Timeline\n\n- 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced\n- 2024-05-13 08:30 EDT, nokogiri maintainers begin triage\n- 2024-05-13 10:05 EDT, nokogiri [v1.16.5 is released](https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5)\n  and this GHSA made public","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/720","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/720"},{"reference_url":"https://github.com/advisories/GHSA-r95h-9x8f-r3f7","reference_id":"GHSA-r95h-9x8f-r3f7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r95h-9x8f-r3f7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81252?format=json","purl":"pkg:gem/nokogiri@1.16.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.5"}],"aliases":["GHSA-r95h-9x8f-r3f7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3td-7t4g-57ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42884?format=json","vulnerability_id":"VCID-qkq6-n1ds-x7e5","summary":"Inefficient Regular Expression Complexity\nNokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24836","reference_id":"","reference_type":"","scores":[{"value":"0.01827","scoring_system":"epss","scoring_elements":"0.83241","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24836"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2022/Dec/23"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3"},{"reference_url":"https://security.gentoo.org/glsa/202208-29","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-29"},{"reference_url":"https://support.apple.com/kb/HT213532","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT213532"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787","reference_id":"1009787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074346","reference_id":"2074346","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074346"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24836","reference_id":"CVE-2022-24836","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24836"},{"reference_url":"https://github.com/advisories/GHSA-crjr-9rc5-ghw8","reference_id":"GHSA-crjr-9rc5-ghw8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-crjr-9rc5-ghw8"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8","reference_id":"GHSA-crjr-9rc5-ghw8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8506","reference_id":"RHSA-2022:8506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8506"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61129?format=json","purl":"pkg:gem/nokogiri@1.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4"}],"aliases":["CVE-2022-24836","GHSA-crjr-9rc5-ghw8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkq6-n1ds-x7e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4123?format=json","vulnerability_id":"VCID-u9b2-qx2j-c7by","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5815","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29163","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5815"},{"reference_url":"https://bugs.chromium.org/p/chromium/issues/detail?id=930663","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/chromium/issues/detail?id=930663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/2630","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/2630"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702905","reference_id":"1702905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1702905"},{"reference_url":"https://security.archlinux.org/ASA-201904-12","reference_id":"ASA-201904-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-12"},{"reference_url":"https://security.archlinux.org/AVG-952","reference_id":"AVG-952","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-952"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5815","reference_id":"CVE-2019-5815","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5815"},{"reference_url":"https://security.gentoo.org/glsa/201908-18","reference_id":"GLSA-201908-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1021","reference_id":"RHSA-2019:1021","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1021"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57780?format=json","purl":"pkg:gem/nokogiri@1.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4"},{"url":"http://public2.vulnerablecode.io/api/packages/58267?format=json","purl":"pkg:gem/nokogiri@1.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5"}],"aliases":["CVE-2019-5815","GHSA-vmfx-gcfq-wvm2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9b2-qx2j-c7by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4339?format=json","vulnerability_id":"VCID-ueh5-fv4d-a7a8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15412","reference_id":"","reference_type":"","scores":[{"value":"0.02535","scoring_system":"epss","scoring_elements":"0.85726","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15412"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=783160","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=783160"},{"reference_url":"https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"},{"reference_url":"https://crbug.com/727039","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://crbug.com/727039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1714","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1714"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html"},{"reference_url":"https://security.gentoo.org/glsa/201801-03","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201801-03"},{"reference_url":"https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348"},{"reference_url":"https://www.debian.org/security/2018/dsa-4086","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4086"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523128","reference_id":"1523128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523128"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790","reference_id":"883790","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790"},{"reference_url":"https://security.archlinux.org/ASA-201712-5","reference_id":"ASA-201712-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-5"},{"reference_url":"https://security.archlinux.org/AVG-544","reference_id":"AVG-544","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-544"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15412","reference_id":"CVE-2017-15412","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15412"},{"reference_url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html","reference_id":"CVE-2017-15412.HTML","reference_type":"","scores":[],"url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3401","reference_id":"RHSA-2017:3401","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0287","reference_id":"RHSA-2018:0287","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55376?format=json","purl":"pkg:gem/nokogiri@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-akrb-6bu8-nqfq"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-ft4s-195a-8fcf"},{"vulnerability":"VCID-gwrv-agck-yuex"},{"vulnerability":"VCID-jvd7-7jes-4ffn"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-u9b2-qx2j-c7by"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"},{"vulnerability":"VCID-zx33-nyvt-vbe9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.2"}],"aliases":["CVE-2017-15412","GHSA-r58r-74gx-6wx3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ueh5-fv4d-a7a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4045?format=json","vulnerability_id":"VCID-uk9u-nn9a-4yes","summary":"multiple issues","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18197","reference_id":"","reference_type":"","scores":[{"value":"0.04534","scoring_system":"epss","scoring_elements":"0.89355","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18197"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1943","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1943"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191031-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20191031-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200416-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200416-0004"},{"reference_url":"https://usn.ubuntu.com/4164-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4164-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/11/17/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/11/17/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1770768","reference_id":"1770768","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1770768"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646","reference_id":"942646","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646"},{"reference_url":"https://security.archlinux.org/ASA-202002-3","reference_id":"ASA-202002-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202002-3"},{"reference_url":"https://security.archlinux.org/AVG-1092","reference_id":"AVG-1092","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1092"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18197","reference_id":"CVE-2019-18197","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0514","reference_id":"RHSA-2020:0514","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4005","reference_id":"RHSA-2020:4005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4464","reference_id":"RHSA-2020:4464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4464"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58267?format=json","purl":"pkg:gem/nokogiri@1.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5"}],"aliases":["CVE-2019-18197","GHSA-242x-7cm6-4w8j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uk9u-nn9a-4yes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51490?format=json","vulnerability_id":"VCID-wnj6-hc4g-ykfs","summary":"Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415\n## Summary\n\nNokogiri v1.18.8 upgrades its dependency libxml2 to\n[v2.13.8](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8).\n\nlibxml2 v2.13.8 addresses:\n\n- CVE-2025-32414\n  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889\n- CVE-2025-32415\n  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890\n\n## Impact\n\n### CVE-2025-32414: No impact\n\nIn libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds\nmemory access can occur in the Python API (Python bindings) because\nof an incorrect return value. This occurs in xmlPythonFileRead and\nxmlPythonFileReadRaw because of a difference between bytes and characters.\n\n**There is no impact** from this CVE for Nokogiri users.\n\n### CVE-2025-32415: Low impact\n\nIn libxml2 before 2.13.8 and 2.14.x before 2.14.2,\nxmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer\nunder-read. To exploit this, a crafted XML document must be validated\nagainst an XML schema with certain identity constraints, or a\ncrafted XML schema must be used.\n\nIn the upstream issue, further context is provided by the maintainer:\n\n> The bug affects validation against untrusted XML Schemas (.xsd)\n> and validation of untrusted documents against trusted Schemas if\n> they make use of xsd:keyref in combination with recursively\n> defined types that have additional identity constraints.\n\nMITRE has published a severity score of 2.9 LOW\n(CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) for this CVE.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/889","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/890","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8"},{"reference_url":"https://github.com/advisories/GHSA-5w6v-399v-w3cc","reference_id":"GHSA-5w6v-399v-w3cc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5w6v-399v-w3cc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84887?format=json","purl":"pkg:gem/nokogiri@1.18.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.8"}],"aliases":["GHSA-5w6v-399v-w3cc"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wnj6-hc4g-ykfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44899?format=json","vulnerability_id":"VCID-yrjg-2aw9-effx","summary":"Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs\n### Summary\n\nNokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to [v2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4) from v2.10.3.\n\nlibxml2 v2.10.4 addresses the following known vulnerabilities:\n\n- [CVE-2023-29469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469): Hashing of empty dict strings isn't deterministic\n- [CVE-2023-28484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484): Fix null deref in xmlSchemaFixupComplexType\n- Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK\n\nPlease note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.14.3`, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements.\n\n\n### Mitigation\n\nUpgrade to Nokogiri `>= 1.14.3`.\n\nUsers who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against external libraries libxml2 `>= 2.10.4` which will also address these same issues.\n\n\n### Impact\n\nNo public information has yet been published about the security-related issues other than the upstream commits. Examination of those changesets indicate that the more serious issues relate to libxml2 dereferencing NULL pointers and potentially segfaulting while parsing untrusted inputs.\n\nThe commits can be examined at:\n\n- [[CVE-2023-29469] Hashing of empty dict strings isn't deterministic (09a2dd45) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64)\n- [[CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType (647e072e) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f)\n- [schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK (4c6922f7) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4"},{"reference_url":"https://github.com/advisories/GHSA-pxvg-2qj5-37jq","reference_id":"GHSA-pxvg-2qj5-37jq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pxvg-2qj5-37jq"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq","reference_id":"GHSA-pxvg-2qj5-37jq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64578?format=json","purl":"pkg:gem/nokogiri@1.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.14.3"}],"aliases":["GHSA-pxvg-2qj5-37jq","GMS-2023-1115"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrjg-2aw9-effx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51448?format=json","vulnerability_id":"VCID-zx33-nyvt-vbe9","summary":"Rexical Command Injection Vulnerability\nA command injection vulnerability appears in code generated by the Rexical\ngem versions v1.0.6 and earlier. It allows commands to be executed in a\nsubprocess by Ruby's `Kernel.open` method.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5477","reference_id":"","reference_type":"","scores":[{"value":"0.09316","scoring_system":"epss","scoring_elements":"0.92907","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5477"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1915","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1915"},{"reference_url":"https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc"},{"reference_url":"https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926"},{"reference_url":"https://hackerone.com/reports/650835","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/650835"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html"},{"reference_url":"https://security.gentoo.org/glsa/202006-05","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-05"},{"reference_url":"https://usn.ubuntu.com/4175-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4175-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802","reference_id":"934802","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905","reference_id":"940905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5477","reference_id":"CVE-2019-5477","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5477"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57780?format=json","purl":"pkg:gem/nokogiri@1.10.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sh8-bsk3-auct"},{"vulnerability":"VCID-2r85-egs8-4be3"},{"vulnerability":"VCID-5xuf-r7bj-33fa"},{"vulnerability":"VCID-chdv-jk6d-uuga"},{"vulnerability":"VCID-d13x-y75t-2ugx"},{"vulnerability":"VCID-jxz3-ug52-cuhn"},{"vulnerability":"VCID-p6m6-7kgc-y3g8"},{"vulnerability":"VCID-pb6j-zdqw-g7cj"},{"vulnerability":"VCID-pr2j-1118-hqaa"},{"vulnerability":"VCID-q3td-7t4g-57ba"},{"vulnerability":"VCID-qkq6-n1ds-x7e5"},{"vulnerability":"VCID-uk9u-nn9a-4yes"},{"vulnerability":"VCID-wnj6-hc4g-ykfs"},{"vulnerability":"VCID-yrjg-2aw9-effx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4"}],"aliases":["CVE-2019-5477","GHSA-cr5j-953j-xw5p"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zx33-nyvt-vbe9"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.3.rc2"}