Package Instance

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-24977
reference_id	CVE-2020-24977
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-24977

reference_url	https://access.redhat.com/errata/RHSA-2021:1597
reference_id	RHSA-2021:1597
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1597

fixed_packages

url pkg:gem/nokogiri@1.11.4

purl pkg:gem/nokogiri@1.11.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.4

aliases CVE-2020-24977

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1sh8-bsk3-auct

url VCID-2r85-egs8-4be3

vulnerability_id VCID-2r85-egs8-4be3

summary

Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability
### Description

In Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by `Nokogiri::XML::Schema`
are **trusted** by default, allowing external resources to be accessed over the
network, potentially enabling XXE or SSRF attacks.

This behavior is counter to
the security policy followed by Nokogiri maintainers, which is to treat all input
as **untrusted** by default whenever possible.

Please note that this security
fix was pushed into a new minor version, 1.11.x, rather than a patch release to
the 1.10.x branch, because it is a breaking change for some schemas and the risk
was assessed to be "Low Severity".

### Affected Versions

Nokogiri `<= 1.10.10` as well as prereleases `1.11.0.rc1`, `1.11.0.rc2`, and `1.11.0.rc3`

### Mitigation

There are no known workarounds for affected versions. Upgrade to Nokogiri
`1.11.0.rc4` or later.

If, after upgrading to `1.11.0.rc4` or later, you wish
to re-enable network access for resolution of external resources (i.e., return to
the previous behavior):

1. Ensure the input is trusted. Do not enable this option
for untrusted input.
2. When invoking the `Nokogiri::XML::Schema` constructor,
pass as the second parameter an instance of `Nokogiri::XML::ParseOptions` with the
`NONET` flag turned off.

So if your previous code was:

``` ruby
# in v1.11.0.rc3 and earlier, this call allows resources to be accessed over the network
# but in v1.11.0.rc4 and later, this call will disallow network access for external resources
schema = Nokogiri::XML::Schema.new(schema)

# in v1.11.0.rc4 and later, the following is equivalent to the code above
# (the second parameter is optional, and this demonstrates its default value)
schema = Nokogiri::XML::Schema.new(schema, Nokogiri::XML::ParseOptions::DEFAULT_SCHEMA)
```

Then you can add the second parameter to indicate that the input is trusted by changing it to:

``` ruby
# in v1.11.0.rc3 and earlier, this would raise an ArgumentError
# but in v1.11.0.rc4 and later, this allows resources to be accessed over the network
schema = Nokogiri::XML::Schema.new(trusted_schema, Nokogiri::XML::ParseOptions.new.nononet)
```

references

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26247

reference_id

reference_type

scores

value	0.00259
scoring_system	epss
scoring_elements	0.49512
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26247

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03

reference_url

https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b

reference_url

https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4

reference_url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3
scoring_elements

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m

reference_url

https://hackerone.com/reports/747489

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/747489

reference_url

https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html

reference_url

https://rubygems.org/gems/nokogiri

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubygems.org/gems/nokogiri

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26247

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1912487
reference_id	1912487
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1912487

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967
reference_id	978967
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967

reference_url

reference_id

CVE-2020-26247

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26247

reference_url	https://access.redhat.com/errata/RHSA-2021:4702
reference_id	RHSA-2021:4702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4702

reference_url	https://access.redhat.com/errata/RHSA-2021:5191
reference_id	RHSA-2021:5191
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5191

fixed_packages

url pkg:gem/nokogiri@1.11.0

purl pkg:gem/nokogiri@1.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.0

aliases CVE-2020-26247, GHSA-vr8q-g5c7-m54m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2r85-egs8-4be3

url VCID-5xuf-r7bj-33fa

vulnerability_id VCID-5xuf-r7bj-33fa

summary

Improper Input Validation
In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13117

reference_id

reference_type

scores

value	0.04376
scoring_system	epss
scoring_elements	0.89156
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13117

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1943

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1943

reference_url

https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ

reference_url

https://oss-fuzz.com/testcase-detail/5631739747106816

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://oss-fuzz.com/testcase-detail/5631739747106816

reference_url

https://security.netapp.com/advisory/ntap-20190806-0004

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190806-0004

reference_url

https://security.netapp.com/advisory/ntap-20200122-0003

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200122-0003

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

http://www.openwall.com/lists/oss-security/2019/11/17/2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

http://www.openwall.com/lists/oss-security/2019/11/17/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1728546
reference_id	1728546
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1728546

reference_url

reference_id

4164-1

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13117

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321
reference_id	931321
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321

reference_url

reference_id

CVE-2019-13117

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13117

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/

reference_id

IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/

reference_url

https://security.netapp.com/advisory/ntap-20190806-0004/

reference_id

ntap-20190806-0004

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://security.netapp.com/advisory/ntap-20190806-0004/

reference_url

https://security.netapp.com/advisory/ntap-20200122-0003/

reference_id

ntap-20200122-0003

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://security.netapp.com/advisory/ntap-20200122-0003/

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

reference_id

r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

reference_id

rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:31:22Z/

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

fixed_packages

url pkg:gem/nokogiri@1.10.5

purl pkg:gem/nokogiri@1.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5

aliases CVE-2019-13117, GHSA-4hm9-844j-jmxp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xuf-r7bj-33fa

url VCID-9m3t-anwb-4fbx

vulnerability_id VCID-9m3t-anwb-4fbx

summary arbitrary code execution

references

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4658

reference_id

reference_type

scores

value	0.15391
scoring_system	epss
scoring_elements	0.94767
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

reference_url

https://github.com/sparklemotion/nokogiri/issues/1615

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1615

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/HT207141

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/HT207141

reference_url

https://support.apple.com/HT207142

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/HT207142

reference_url

https://support.apple.com/HT207143

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/HT207143

reference_url

https://support.apple.com/HT207170

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/HT207170

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1384424
reference_id	1384424
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1384424

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553
reference_id	840553
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553

reference_url	https://security.archlinux.org/ASA-201611-2
reference_id	ASA-201611-2
reference_type
scores
url	https://security.archlinux.org/ASA-201611-2

reference_url

https://security.archlinux.org/AVG-56

reference_id

AVG-56

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-56

reference_url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html
reference_id	CVE-2016-4448.HTML
reference_type
scores
url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4658

reference_id

CVE-2016-4658

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4658

reference_url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
reference_id	CVE-2016-4658.HTML
reference_type
scores
url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html

reference_url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html
reference_id	CVE-2016-5131.HTML
reference_type
scores
url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html

reference_url	https://access.redhat.com/errata/RHSA-2021:3810
reference_id	RHSA-2021:3810
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3810

fixed_packages

url pkg:gem/nokogiri@1.7.1

purl pkg:gem/nokogiri@1.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.1

aliases CVE-2016-4658, GHSA-fr52-4hqw-p27f

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9m3t-anwb-4fbx

url VCID-akrb-6bu8-nqfq

vulnerability_id VCID-akrb-6bu8-nqfq

summary

NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:1543

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://access.redhat.com/errata/RHSA-2019:1543

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14404

reference_id

reference_type

scores

value	0.20012
scoring_system	epss
scoring_elements	0.95589
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14404

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1595985

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1595985

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1785

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1785

reference_url

https://gitlab.gnome.org/GNOME/libxml2/issues/10

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://gitlab.gnome.org/GNOME/libxml2/issues/10

reference_url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20190719-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190719-0002

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3739-2

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3739-2

reference_url

https://usn.ubuntu.com/3739-2/

reference_id

3739-2

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://usn.ubuntu.com/3739-2/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14404

reference_id

CVE-2018-14404

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14404

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml

reference_id

CVE-2018-14404.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml

reference_url	https://github.com/advisories/GHSA-6qvp-r6r3-9p7h
reference_id	GHSA-6qvp-r6r3-9p7h
reference_type
scores
url	https://github.com/advisories/GHSA-6qvp-r6r3-9p7h

reference_url

https://security.netapp.com/advisory/ntap-20190719-0002/

reference_id

ntap-20190719-0002

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://security.netapp.com/advisory/ntap-20190719-0002/

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

reference_url	https://access.redhat.com/errata/RHSA-2020:1827
reference_id	RHSA-2020:1827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1827

fixed_packages

url pkg:gem/nokogiri@1.8.5

purl pkg:gem/nokogiri@1.8.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.5

aliases CVE-2018-14404, GHSA-6qvp-r6r3-9p7h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akrb-6bu8-nqfq

url VCID-b8q3-sd61-rqhf

vulnerability_id VCID-b8q3-sd61-rqhf

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5029.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5029

reference_id

reference_type

scores

value	0.01232
scoring_system	epss
scoring_elements	0.79516
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5029

reference_url	https://crbug.com/676623
reference_id
reference_type
scores
url	https://crbug.com/676623

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5029

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5031

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5032

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5033

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5034

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5036

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5037

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5038

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5040

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5041

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5044

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5045

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5046

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:N/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5

reference_url

https://github.com/advisories/GHSA-pf6m-fxpq-fg8v

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-pf6m-fxpq-fg8v

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-5029.yml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1634

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1634

reference_url

https://ubuntu.com/security/CVE-2017-5029

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://ubuntu.com/security/CVE-2017-5029

reference_url

https://ubuntu.com/security/notices/USN-3271-1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://ubuntu.com/security/notices/USN-3271-1

reference_url	http://www.securityfocus.com/bid/96767
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/96767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1431033
reference_id	1431033
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1431033

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546
reference_id	858546
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858546

reference_url	https://security.archlinux.org/ASA-201703-4
reference_id	ASA-201703-4
reference_type
scores
url	https://security.archlinux.org/ASA-201703-4

reference_url	https://security.archlinux.org/ASA-201703-5
reference_id	ASA-201703-5
reference_type
scores
url	https://security.archlinux.org/ASA-201703-5

reference_url

https://security.archlinux.org/AVG-195

reference_id

AVG-195

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-195

reference_url

https://security.archlinux.org/AVG-196

reference_id

AVG-196

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-196

reference_url

https://security.archlinux.org/AVG-197

reference_id

AVG-197

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-197

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5029

reference_id

CVE-2017-5029

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5029

reference_url	https://security.gentoo.org/glsa/201804-01
reference_id	GLSA-201804-01
reference_type
scores
url	https://security.gentoo.org/glsa/201804-01

reference_url	https://access.redhat.com/errata/RHSA-2017:0499
reference_id	RHSA-2017:0499
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0499

fixed_packages

url pkg:gem/nokogiri@1.7.1

purl pkg:gem/nokogiri@1.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.1

url pkg:gem/nokogiri@1.7.2

purl pkg:gem/nokogiri@1.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.7.2

aliases CVE-2017-5029, GHSA-pf6m-fxpq-fg8v

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8q3-sd61-rqhf

url VCID-ba5w-ed8b-duar

vulnerability_id VCID-ba5w-ed8b-duar

summary

Unsafe parsing of unclosed comments
Parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access.

references

reference_url	https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.rdoc#167rc4--2015-11-22

reference_url	https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1664--2015-11-19
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/blob/v1.6.6.x/CHANGELOG.rdoc#1664--2015-11-19

reference_url	https://github.com/sparklemotion/nokogiri/commit/0948e9fa38c949661983a33752fdcb94a453e272
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/commit/0948e9fa38c949661983a33752fdcb94a453e272

reference_url	https://github.com/sparklemotion/nokogiri/commit/3ab1b2339f7bb3a00590c8d288a24a9dbfe5aec4
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/commit/3ab1b2339f7bb3a00590c8d288a24a9dbfe5aec4

reference_url	https://groups.google.com/forum/#!topic/nokogiri-talk/nFl0mfcJpbk
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/nokogiri-talk/nFl0mfcJpbk

fixed_packages

url pkg:gem/nokogiri@1.6.6.4

purl pkg:gem/nokogiri@1.6.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-9m3t-anwb-4fbx

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-by7n-zrpn-jubw

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-efx2-bpu9-z7a4

vulnerability	VCID-egft-crba-6ubx

vulnerability	VCID-fn1n-adz5-5fcy

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.4

url pkg:gem/nokogiri@1.6.7.rc4

purl pkg:gem/nokogiri@1.6.7.rc4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-9m3t-anwb-4fbx

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-by7n-zrpn-jubw

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-efx2-bpu9-z7a4

vulnerability	VCID-egft-crba-6ubx

vulnerability	VCID-fn1n-adz5-5fcy

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4

aliases GMS-2015-43

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ba5w-ed8b-duar

url VCID-by7n-zrpn-jubw

vulnerability_id VCID-by7n-zrpn-jubw

summary

Vulnerabilities in libxml2
The vendored version of libxml2 is affected by multiple vulnerabilities.

references

reference_url	https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5

reference_url	https://github.com/sparklemotion/nokogiri/pull/1378
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/pull/1378

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5312
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5312

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7497
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7497

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7498
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7498

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7499
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7499

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7500
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7500

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8241
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8241

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8242
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8242

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8317
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8317

fixed_packages

url pkg:gem/nokogiri@1.6.7.1

purl pkg:gem/nokogiri@1.6.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-9m3t-anwb-4fbx

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-egft-crba-6ubx

vulnerability	VCID-fn1n-adz5-5fcy

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.1

aliases GMS-2015-52

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-by7n-zrpn-jubw

url VCID-cgmw-k7dg-gbdw

vulnerability_id VCID-cgmw-k7dg-gbdw

summary

Vulnerabilities in libxml2 and libxslt
Several vulnerabilities were discovered in the libxml2 and libxslt libraries that this package gem depends on.

references

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html

reference_url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-1419.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-1419.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1819

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json

reference_url

reference_id

reference_type

scores

value	0.02045
scoring_system	epss
scoring_elements	0.8417
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml

reference_url	https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59

reference_url

https://github.com/sparklemotion/nokogiri/issues/1374

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1374

reference_url	https://github.com/sparklemotion/nokogiri/pull/1376
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/pull/1376

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-1819

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-1819

reference_url

https://security.gentoo.org/glsa/201507-08

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201507-08

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

reference_url

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url

http://www.ubuntu.com/usn/USN-2812-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2812-1

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1211278
reference_id	1211278
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1211278

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782
reference_id	782782
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782

reference_url	https://access.redhat.com/errata/RHSA-2015:1419
reference_id	RHSA-2015:1419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1419

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

fixed_packages

url pkg:gem/nokogiri@1.6.6.4

purl pkg:gem/nokogiri@1.6.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-9m3t-anwb-4fbx

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-by7n-zrpn-jubw

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-efx2-bpu9-z7a4

vulnerability	VCID-egft-crba-6ubx

vulnerability	VCID-fn1n-adz5-5fcy

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.6.4

url pkg:gem/nokogiri@1.6.7.rc4

purl pkg:gem/nokogiri@1.6.7.rc4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-9m3t-anwb-4fbx

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-by7n-zrpn-jubw

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-efx2-bpu9-z7a4

vulnerability	VCID-egft-crba-6ubx

vulnerability	VCID-fn1n-adz5-5fcy

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.rc4

aliases CVE-2015-1819, GHSA-q7wx-62r7-j2x7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgmw-k7dg-gbdw

url VCID-chdv-jk6d-uuga

vulnerability_id VCID-chdv-jk6d-uuga

summary

Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
## Summary

Nokogiri v1.18.3 upgrades its dependency libxml2 to
[v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).

libxml2 v2.13.6 addresses:

- CVE-2025-24928
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
- CVE-2024-56171
   - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

## Impact

### CVE-2025-24928

Stack-buffer overflow is possible when reporting DTD validation
errors if the input contains a long (~3kb) QName prefix.

### CVE-2024-56171

Use-after-free is possible during validation against untrusted
XML Schemas (.xsd) and, potentially, validation of untrusted documents
against trusted Schemas if they make use of `xsd:keyref` in combination
with recursively defined types that have additional identity constraints.

references

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m

reference_url	https://github.com/advisories/GHSA-vvfq-8hwr-qm4m
reference_id	GHSA-vvfq-8hwr-qm4m
reference_type
scores
url	https://github.com/advisories/GHSA-vvfq-8hwr-qm4m

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml

reference_id

GHSA-vvfq-8hwr-qm4m.yml

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml

fixed_packages

url pkg:gem/nokogiri@1.18.3

purl pkg:gem/nokogiri@1.18.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-wnj6-hc4g-ykfs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.3

aliases GHSA-vvfq-8hwr-qm4m

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chdv-jk6d-uuga

url VCID-d13x-y75t-2ugx

vulnerability_id VCID-d13x-y75t-2ugx

summary

Nokogiri does not check the return value from xmlC14NExecute
Nokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.

JRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532

reference_url	https://github.com/advisories/GHSA-wx95-c6cv-8532
reference_id	GHSA-wx95-c6cv-8532
reference_type
scores
url	https://github.com/advisories/GHSA-wx95-c6cv-8532

reference_url

reference_id

GHSA-wx95-c6cv-8532

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532

fixed_packages

url pkg:gem/nokogiri@1.19.1

purl pkg:gem/nokogiri@1.19.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d13x-y75t-2ugx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.19.1

aliases GHSA-wx95-c6cv-8532

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d13x-y75t-2ugx

url VCID-efx2-bpu9-z7a4

vulnerability_id VCID-efx2-bpu9-z7a4

summary

Vulnerabilities in libxml2
Several vulnerabilities were discovered in the libxml2 library that this package gem depends on.

references

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url

http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5312

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json

reference_url

reference_id

reference_type

scores

value	0.01078
scoring_system	epss
scoring_elements	0.7816
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5312

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1276693

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1276693

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml

reference_url	https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5

reference_url	https://github.com/sparklemotion/nokogiri/pull/1378
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/pull/1378

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s

reference_url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5312

reference_url

reference_id

CVE-2015-5312

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5312

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

fixed_packages

url pkg:gem/nokogiri@1.6.7.1

purl pkg:gem/nokogiri@1.6.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-9m3t-anwb-4fbx

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-egft-crba-6ubx

vulnerability	VCID-fn1n-adz5-5fcy

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.1

aliases CVE-2015-5312, GHSA-xjqg-9jvg-fgx2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-efx2-bpu9-z7a4

url VCID-egft-crba-6ubx

vulnerability_id VCID-egft-crba-6ubx

summary

Uncontrolled Resource Consumption
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8806

reference_id

reference_type

scores

value	0.08565
scoring_system	epss
scoring_elements	0.92549
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8806

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=749115

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.gnome.org/show_bug.cgi?id=749115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1473

reference_url	https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1473

reference_url	https://mail.gnome.org/archives/xml/2016-May/msg00023.html
reference_id
reference_type
scores
url	https://mail.gnome.org/archives/xml/2016-May/msg00023.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071

reference_url

https://www.debian.org/security/2016/dsa-3593

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2016/dsa-3593

reference_url

http://www.openwall.com/lists/oss-security/2016/02/03/5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/02/03/5

reference_url

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.ubuntu.com/usn/usn-2994-1/
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-2994-1/

reference_url

http://www.ubuntu.com/usn/USN-2994-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2994-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1304636
reference_id	1304636
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1304636

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613
reference_id	813613
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8806

reference_id

CVE-2015-8806

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8806

fixed_packages

url pkg:gem/nokogiri@1.6.8

purl pkg:gem/nokogiri@1.6.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-9m3t-anwb-4fbx

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8

aliases CVE-2015-8806, GHSA-7hp2-xwpj-95jq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egft-crba-6ubx

url VCID-fn1n-adz5-5fcy

vulnerability_id VCID-fn1n-adz5-5fcy

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7499

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json

reference_url

reference_id

reference_type

scores

value	0.00714
scoring_system	epss
scoring_elements	0.7272
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7499

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1281925

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1281925

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da

reference_url

https://github.com/advisories/GHSA-jxjr-5h69-qw3w

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jxjr-5h69-qw3w

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509

reference_url

https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7499

reference_url

reference_id

CVE-2015-7499

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7499

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

fixed_packages

url pkg:gem/nokogiri@1.6.7.2

purl pkg:gem/nokogiri@1.6.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-9m3t-anwb-4fbx

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-egft-crba-6ubx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.7.2

url pkg:gem/nokogiri@1.6.8.rc1

purl pkg:gem/nokogiri@1.6.8.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-9m3t-anwb-4fbx

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-b8q3-sd61-rqhf

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-egft-crba-6ubx

vulnerability	VCID-fn1n-adz5-5fcy

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gdgu-7d3a-uygr

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-m91c-mfu9-bbbh

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.6.8.rc1

aliases CVE-2015-7499, GHSA-jxjr-5h69-qw3w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fn1n-adz5-5fcy

url VCID-ft4s-195a-8fcf

vulnerability_id VCID-ft4s-195a-8fcf

summary

Improper Input Validation
In `numbers.c` in libxslt, which is used by nokogiri, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13118.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13118

reference_id

reference_type

scores

value	0.01008
scoring_system	epss
scoring_elements	0.77408
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13118

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069

reference_url

http://seclists.org/fulldisclosure/2019/Aug/11

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Aug/11

reference_url

http://seclists.org/fulldisclosure/2019/Aug/13

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Aug/13

reference_url

http://seclists.org/fulldisclosure/2019/Aug/14

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Aug/14

reference_url

http://seclists.org/fulldisclosure/2019/Aug/15

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Aug/15

reference_url

http://seclists.org/fulldisclosure/2019/Jul/22

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Jul/22

reference_url

http://seclists.org/fulldisclosure/2019/Jul/23

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Jul/23

reference_url

http://seclists.org/fulldisclosure/2019/Jul/24

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Jul/24

reference_url

http://seclists.org/fulldisclosure/2019/Jul/26

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Jul/26

reference_url

http://seclists.org/fulldisclosure/2019/Jul/31

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Jul/31

reference_url

http://seclists.org/fulldisclosure/2019/Jul/37

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Jul/37

reference_url

http://seclists.org/fulldisclosure/2019/Jul/38

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://seclists.org/fulldisclosure/2019/Jul/38

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796

reference_url

https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e

reference_url

https://github.com/sparklemotion/nokogiri/issues/1943

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1943

reference_url

https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5

reference_url

https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ

reference_url

https://oss-fuzz.com/testcase-detail/5197371471822848

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://oss-fuzz.com/testcase-detail/5197371471822848

reference_url

https://seclists.org/bugtraq/2019/Aug/21

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://seclists.org/bugtraq/2019/Aug/21

reference_url

https://seclists.org/bugtraq/2019/Aug/22

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://seclists.org/bugtraq/2019/Aug/22

reference_url

https://seclists.org/bugtraq/2019/Aug/23

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://seclists.org/bugtraq/2019/Aug/23

reference_url

https://seclists.org/bugtraq/2019/Aug/25

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://seclists.org/bugtraq/2019/Aug/25

reference_url

https://seclists.org/bugtraq/2019/Jul/35

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://seclists.org/bugtraq/2019/Jul/35

reference_url

https://seclists.org/bugtraq/2019/Jul/36

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://seclists.org/bugtraq/2019/Jul/36

reference_url

https://seclists.org/bugtraq/2019/Jul/37

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://seclists.org/bugtraq/2019/Jul/37

reference_url

https://seclists.org/bugtraq/2019/Jul/40

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://seclists.org/bugtraq/2019/Jul/40

reference_url

https://seclists.org/bugtraq/2019/Jul/41

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://seclists.org/bugtraq/2019/Jul/41

reference_url

https://seclists.org/bugtraq/2019/Jul/42

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://seclists.org/bugtraq/2019/Jul/42

reference_url

https://security.netapp.com/advisory/ntap-20190806-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190806-0004

reference_url

https://security.netapp.com/advisory/ntap-20200122-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200122-0003

reference_url

https://support.apple.com/kb/HT210346

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://support.apple.com/kb/HT210346

reference_url

https://support.apple.com/kb/HT210348

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://support.apple.com/kb/HT210348

reference_url

https://support.apple.com/kb/HT210351

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://support.apple.com/kb/HT210351

reference_url

https://support.apple.com/kb/HT210353

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://support.apple.com/kb/HT210353

reference_url

https://support.apple.com/kb/HT210356

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://support.apple.com/kb/HT210356

reference_url

https://support.apple.com/kb/HT210357

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://support.apple.com/kb/HT210357

reference_url

https://support.apple.com/kb/HT210358

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://support.apple.com/kb/HT210358

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://www.oracle.com/security-alerts/cpujan2020.html

reference_url

http://www.openwall.com/lists/oss-security/2019/11/17/2

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

http://www.openwall.com/lists/oss-security/2019/11/17/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1728541
reference_id	1728541
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1728541

reference_url

reference_id

4164-1

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13118

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320
reference_id	931320
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931320

reference_url

reference_id

CVE-2019-13118

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-13118

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/

reference_id

IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/

reference_url

https://security.netapp.com/advisory/ntap-20190806-0004/

reference_id

ntap-20190806-0004

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://security.netapp.com/advisory/ntap-20190806-0004/

reference_url

https://security.netapp.com/advisory/ntap-20200122-0003/

reference_id

ntap-20200122-0003

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://security.netapp.com/advisory/ntap-20200122-0003/

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

reference_id

r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

reference_id

rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:35:56Z/

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

fixed_packages

url pkg:gem/nokogiri@1.10.5

purl pkg:gem/nokogiri@1.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5

aliases CVE-2019-13118, GHSA-cf46-6xxh-pc75

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ft4s-195a-8fcf

url VCID-gdgu-7d3a-uygr

vulnerability_id VCID-gdgu-7d3a-uygr

summary

Vulnerabilities in libxml2
The version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. (CVE-2017-7375) It was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-7376) Marcel Böhme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-9047) Marcel Böhme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service. (CVE-2017-9048) Marcel Böhme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. (CVE-2017-9049, CVE-2017-9050)

references

reference_url	https://github.com/sparklemotion/nokogiri/issues/1673
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/issues/1673

fixed_packages

url pkg:gem/nokogiri@1.8.1

purl pkg:gem/nokogiri@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.1

aliases USN-3424-1

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdgu-7d3a-uygr

url VCID-gwrv-agck-yuex

vulnerability_id VCID-gwrv-agck-yuex

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In the Loofah gem for Ruby, denylisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8048.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8048.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8048

reference_id

reference_type

scores

value	0.00689
scoring_system	epss
scoring_elements	0.72159
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8048

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-x7rv-cr6v-4vm4

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-x7rv-cr6v-4vm4

reference_url

https://github.com/flavorjones/loofah

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/flavorjones/loofah

reference_url

https://github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/flavorjones/loofah/commit/f739cf8eac5851f328b8044281d6653f74eff116

reference_url

https://github.com/flavorjones/loofah/issues/144

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/flavorjones/loofah/issues/144

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-8048.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-8048.yml

reference_url

https://github.com/sparklemotion/nokogiri/pull/1746

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/pull/1746

reference_url

https://security.netapp.com/advisory/ntap-20191122-0003

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191122-0003

reference_url	https://security.netapp.com/advisory/ntap-20191122-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20191122-0003/

reference_url

https://www.debian.org/security/2018/dsa-4171

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4171

reference_url

http://www.openwall.com/lists/oss-security/2018/03/19/5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2018/03/19/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1559071
reference_id	1559071
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1559071

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596
reference_id	893596
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893596

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8048

reference_id

CVE-2018-8048

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8048

fixed_packages

url pkg:gem/nokogiri@1.8.3

purl pkg:gem/nokogiri@1.8.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.3

aliases CVE-2018-8048, GHSA-x7rv-cr6v-4vm4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwrv-agck-yuex

url VCID-j98t-paam-97ec

vulnerability_id VCID-j98t-paam-97ec

summary

Allocation of Resources Without Limits or Throttling
The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18258

reference_id

reference_type

scores

value	0.00898
scoring_system	epss
scoring_elements	0.7602
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18258

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

reference_url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20190719-0001

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190719-0001

reference_url	https://security.netapp.com/advisory/ntap-20190719-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190719-0001/

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.archlinux.org/AVG-671

reference_url	https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3739-1/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1566749
reference_id	1566749
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1566749

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245
reference_id	895245
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245

reference_url

reference_id

AVG-671

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-671

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-18258

reference_id

CVE-2017-18258

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-18258

reference_url

https://github.com/advisories/GHSA-882p-jqgm-f45g

reference_id

GHSA-882p-jqgm-f45g

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-882p-jqgm-f45g

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

fixed_packages

url pkg:gem/nokogiri@1.8.2

purl pkg:gem/nokogiri@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.2

aliases CVE-2017-18258, GHSA-882p-jqgm-f45g

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j98t-paam-97ec

url VCID-jvd7-7jes-4ffn

vulnerability_id VCID-jvd7-7jes-4ffn

summary

Bypass of a protection mechanism in libxslt
The libxslt binary, which is included in nokogiri, allows bypass of a protection mechanism because callers of `xsltCheckRead` and `xsltCheckWrite` permit access even upon receiving a -1 error code. `xsltCheckRead` can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11068.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11068

reference_id

reference_type

scores

value	0.01133
scoring_system	epss
scoring_elements	0.78684
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-11068.yml

reference_url

https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L826

reference_url

https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/commit/fe034aedcc59b566740567d621843731686676b9

reference_url

https://github.com/sparklemotion/nokogiri/issues/1892

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1892

reference_url

https://github.com/sparklemotion/nokogiri/pull/1898

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/pull/1898

reference_url

https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6

reference_url

https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA

reference_url

https://security.netapp.com/advisory/ntap-20191017-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191017-0001

reference_url

https://usn.ubuntu.com/3947-1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3947-1

reference_url

https://usn.ubuntu.com/3947-2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3947-2

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

http://www.openwall.com/lists/oss-security/2019/04/22/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

http://www.openwall.com/lists/oss-security/2019/04/22/1

reference_url

http://www.openwall.com/lists/oss-security/2019/04/23/5

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

http://www.openwall.com/lists/oss-security/2019/04/23/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1709697
reference_id	1709697
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1709697

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/

reference_id

36TEYN37XCCKN2XUMRTBBW67BPNMSW4K

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/

reference_url

https://usn.ubuntu.com/3947-1/

reference_id

3947-1

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

https://usn.ubuntu.com/3947-1/

reference_url

https://usn.ubuntu.com/3947-2/

reference_id

3947-2

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

https://usn.ubuntu.com/3947-2/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895
reference_id	926895
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926895

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11068

reference_id

CVE-2019-11068

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11068

reference_url	https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068
reference_id	CVE-2019-11068
reference_type
scores
url	https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11068

reference_url	https://security-tracker.debian.org/tracker/CVE-2019-11068
reference_id	CVE-2019-11068
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2019-11068

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/

reference_id

GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/

reference_url

https://security.netapp.com/advisory/ntap-20191017-0001/

reference_id

ntap-20191017-0001

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

https://security.netapp.com/advisory/ntap-20191017-0001/

reference_url	https://access.redhat.com/errata/RHSA-2020:4005
reference_id	RHSA-2020:4005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4005

reference_url	https://access.redhat.com/errata/RHSA-2020:4464
reference_id	RHSA-2020:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4464

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/

reference_id

SK4YNISS22MJY22YX5I6V2U63QZAUEHA

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:18:22Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/

fixed_packages

url pkg:gem/nokogiri@1.10.3

purl pkg:gem/nokogiri@1.10.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.3

url pkg:gem/nokogiri@1.10.4

purl pkg:gem/nokogiri@1.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4

aliases CVE-2019-11068, GHSA-qxcg-xjjg-66mj

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvd7-7jes-4ffn

url VCID-jxz3-ug52-cuhn

vulnerability_id VCID-jxz3-ug52-cuhn

summary

libxml2 2.9.10 has an infinite loop in a certain end-of-file situation
Nokogiri has backported the patch for CVE-2020-7595 into its vendored version
of libxml2, and released this as v1.10.8

CVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and
so Nokogiri versions <= v1.10.7 are vulnerable.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7595

reference_id

reference_type

scores

value	0.00476
scoring_system	epss
scoring_elements	0.65244
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7595

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1992

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1992

reference_url

https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url

https://security.gentoo.org/glsa/202010-04

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://security.gentoo.org/glsa/202010-04

reference_url

https://security.netapp.com/advisory/ntap-20200702-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200702-0005

reference_url

https://security.netapp.com/advisory/ntap-20200702-0005/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://security.netapp.com/advisory/ntap-20200702-0005/

reference_url

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

reference_url

https://usn.ubuntu.com/4274-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4274-1

reference_url

https://usn.ubuntu.com/4274-1/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://usn.ubuntu.com/4274-1/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1799786
reference_id	1799786
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1799786

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_id

545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_id

5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582
reference_id	949582
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582

reference_url	https://security.archlinux.org/ASA-202011-15
reference_id	ASA-202011-15
reference_type
scores
url	https://security.archlinux.org/ASA-202011-15

reference_url

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7595

reference_url

reference_id

CVE-2020-7595

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7595

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_id

JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3996
reference_id	RHSA-2020:3996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3996

reference_url	https://access.redhat.com/errata/RHSA-2020:4479
reference_id	RHSA-2020:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4479

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

fixed_packages

url pkg:gem/nokogiri@1.10.8

purl pkg:gem/nokogiri@1.10.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.8

aliases CVE-2020-7595, GHSA-7553-jr98-vx47

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxz3-ug52-cuhn

url VCID-m91c-mfu9-bbbh

vulnerability_id VCID-m91c-mfu9-bbbh

summary

Loop with Unreachable Exit Condition ('Infinite Loop')
parser.c in libxml2 does not prevent infinite recursion in parameter entities.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16932

reference_id

reference_type

scores

value	0.21755
scoring_system	epss
scoring_elements	0.95849
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16932

reference_url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=759579

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=759579

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://usn.ubuntu.com/usn/usn-3504-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/usn/usn-3504-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1517316
reference_id	1517316
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1517316

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613
reference_id	882613
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613

reference_url

reference_id

899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16932

reference_id

CVE-2017-16932

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16932

reference_url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html
reference_id	CVE-2017-16932.HTML
reference_type
scores
url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html

fixed_packages

url pkg:gem/nokogiri@1.8.1

purl pkg:gem/nokogiri@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-j98t-paam-97ec

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-ueh5-fv4d-a7a8

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.1

aliases CVE-2017-16932, GHSA-x2fm-93ww-ggvx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m91c-mfu9-bbbh

url VCID-p6m6-7kgc-y3g8

vulnerability_id VCID-p6m6-7kgc-y3g8

summary

Duplicate
This advisory duplicates another.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/discussions/3146

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/discussions/3146

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/604

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/604

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-25062

reference_id

CVE-2024-25062

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-25062

reference_url	https://github.com/advisories/GHSA-xc9x-jj77-9p9j
reference_id	GHSA-xc9x-jj77-9p9j
reference_type
scores
url	https://github.com/advisories/GHSA-xc9x-jj77-9p9j

reference_url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j

reference_id

GHSA-xc9x-jj77-9p9j

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml

reference_id

GHSA-xc9x-jj77-9p9j.yml

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml

fixed_packages

url pkg:gem/nokogiri@1.15.6

purl pkg:gem/nokogiri@1.15.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-wnj6-hc4g-ykfs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.15.6

url pkg:gem/nokogiri@1.16.0.rc1

purl pkg:gem/nokogiri@1.16.0.rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-wnj6-hc4g-ykfs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.0.rc1

url pkg:gem/nokogiri@1.16.2

purl pkg:gem/nokogiri@1.16.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-wnj6-hc4g-ykfs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.2

aliases GHSA-xc9x-jj77-9p9j, GMS-2024-127

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6m6-7kgc-y3g8

url VCID-pb6j-zdqw-g7cj

vulnerability_id VCID-pb6j-zdqw-g7cj

summary

Nokogiri patches vendored libxml2 to resolve multiple CVEs
## Summary

Nokogiri v1.18.9 patches the vendored libxml2 to address
CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795,
and CVE-2025-49796.

## Impact and severity

### CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer
overflows in buffer size calculations can lead to a stack-based
buffer overflow. This issue can result in memory corruption or a
denial of service when processing crafted input.

NVD claims a severity of 7.5 High
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae

### CVE-2025-6170

A flaw was found in the interactive shell of the xmllint command-line
tool, used for parsing XML files. When a user inputs an overly long
command, the program does not check the input size properly, which
can cause it to crash. This issue might allow attackers to run
harmful code in rare configurations without modern protections.

NVD claims a severity of 2.5 Low
(CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/5e9ec5c1

### CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue
occurs when parsing XPath elements under certain circumstances when
the XML schematron has the <sch:name path="..."/> schema elements.
This flaw allows a malicious actor to craft a malicious XML document
used as input for libxml, resulting in the program's crash using
libxml or other possible undefined behaviors.

NVD claims a severity of 9.1 Critical
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5

### CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when
processing XPath XML expressions. This flaw allows an attacker to
craft a malicious XML input to libxml2, leading to a denial of service.

NVD claims a severity of 7.5 High
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/62048278

### CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name
elements from the input XML file can trigger a memory corruption
issue. This flaw allows an attacker to craft a malicious XML input
file that can lead libxml to crash, resulting in a denial of service
or other possible undefined behavior due to sensitive data being
corrupted in memory.

NVD claims a severity of 9.1 Critical
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

Fixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5

## Affected Versions

- Nokogiri < 1.18.9 when using CRuby (MRI) with vendored libxml2

## Patched Versions

- Nokogiri >= 1.18.9

## Mitigation

Upgrade to Nokogiri v1.18.9 or later.

Users who are unable to upgrade Nokogiri may also choose a more
complicated mitigation: compile and link Nokogiri against patched
external libxml2 libraries which will also address these same issues.

references

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/pull/3526

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/pull/3526

reference_url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-49794

reference_id

CVE-2025-49794

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-49794

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-49795

reference_id

CVE-2025-49795

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-49795

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-49796

reference_id

CVE-2025-49796

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-49796

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-6021

reference_id

CVE-2025-6021

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-6021

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-6170

reference_id

CVE-2025-6170

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-6170

reference_url	https://github.com/advisories/GHSA-353f-x4gh-cqq8
reference_id	GHSA-353f-x4gh-cqq8
reference_type
scores
url	https://github.com/advisories/GHSA-353f-x4gh-cqq8

fixed_packages

url pkg:gem/nokogiri@1.18.9

purl pkg:gem/nokogiri@1.18.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d13x-y75t-2ugx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.9

aliases GHSA-353f-x4gh-cqq8

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pb6j-zdqw-g7cj

url VCID-pr2j-1118-hqaa

vulnerability_id VCID-pr2j-1118-hqaa

summary

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
### Summary

Nokogiri v1.13.9 upgrades the packaged version of its dependency libxml2 to
[v2.10.3](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.3) from
v2.9.14.

libxml2 v2.10.3 addresses the following known vulnerabilities:

- [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)
- [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)
- [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)

Please note that this advisory only applies to the CRuby implementation of
Nokogiri `< 1.13.9`, and only if the _packaged_ libraries are being used. If
you've overridden defaults at installation time to use _system_ libraries
instead of packaged libraries, you should instead pay attention to your
distro's `libxml2` release announcements.

### Mitigation

Upgrade to Nokogiri `>= 1.13.9`.

Users who are unable to upgrade Nokogiri may also choose a more complicated
mitigation: compile and link Nokogiri against external libraries libxml2
`>= 2.10.3` which will also address these same issues.

### Impact

#### libxml2 [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309)

- **CVSS3 score**: Under evaluation
- **Type**: Denial of service
- **Description**: NULL Pointer Dereference allows attackers to cause a denial
of service (or application crash). This only applies when lxml is used
together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not
affected. It allows triggering crashes through forged input data, given a
vulnerable code sequence in the application. The vulnerability is caused by
the iterwalk function (also used by the canonicalize function). Such code
shouldn't be in wide-spread use, given that parsing + iterwalk would usually
be replaced with the more efficient iterparse function. However, an XML
converter that serialises to C14N would also be vulnerable, for example, and
there are legitimate use cases for this code sequence. If untrusted input is
received (also remotely) and processed via iterwalk function, a crash can be
triggered.

Nokogiri maintainers investigated at #2620 and determined this CVE does not
affect Nokogiri users.

#### libxml2 [CVE-2022-40304](https://nvd.nist.gov/vuln/detail/CVE-2022-40304)

- **CVSS3 score**: Unspecified upstream
- **Type**: Data corruption, denial of service
- **Description**: When an entity reference cycle is detected, the entity
content is cleared by setting its first byte to zero. But the entity content
might be allocated from a dict. In this case, the dict entry becomes corrupted
leading to all kinds of logic errors, including memory errors like
double-frees.

See https://gitlab.gnome.org/GNOME/libxml2/-/commit/644a89e080bced793295f61f18aac8cfad6bece2

#### libxml2 [CVE-2022-40303](https://nvd.nist.gov/vuln/detail/CVE-2022-40303)

- **CVSS3 score**: Unspecified upstream
- **Type**: Integer overflow
- **Description**: Integer overflows with XML_PARSE_HUGE

See https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

reference_url	https://github.com/advisories/GHSA-2qc6-mcvw-92cw
reference_id	GHSA-2qc6-mcvw-92cw
reference_type
scores
url	https://github.com/advisories/GHSA-2qc6-mcvw-92cw

fixed_packages

url pkg:gem/nokogiri@1.13.9

purl pkg:gem/nokogiri@1.13.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qhx2-j1jc-cyev

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.9

aliases GHSA-2qc6-mcvw-92cw, GMS-2022-5550

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pr2j-1118-hqaa

url VCID-q3td-7t4g-57ba

vulnerability_id VCID-q3td-7t4g-57ba

summary

Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
## Summary

Nokogiri v1.16.5 upgrades its dependency libxml2 to
[2.12.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7) from 2.12.6.

libxml2 v2.12.7 addresses CVE-2024-34459:

- described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/720
- patched by https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53

## Impact

There is no impact to Nokogiri users because the issue is present only
in libxml2's `xmllint` tool which Nokogiri does not provide or expose.

## Timeline

- 2024-05-13 05:57 EDT, libxml2 2.12.7 release is announced
- 2024-05-13 08:30 EDT, nokogiri maintainers begin triage
- 2024-05-13 10:05 EDT, nokogiri [v1.16.5 is released](https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5)
  and this GHSA made public

references

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5

reference_url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/720

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/720

reference_url	https://github.com/advisories/GHSA-r95h-9x8f-r3f7
reference_id	GHSA-r95h-9x8f-r3f7
reference_type
scores
url	https://github.com/advisories/GHSA-r95h-9x8f-r3f7

fixed_packages

url pkg:gem/nokogiri@1.16.5

purl pkg:gem/nokogiri@1.16.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-wnj6-hc4g-ykfs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.5

aliases GHSA-r95h-9x8f-r3f7

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3td-7t4g-57ba

url VCID-qkq6-n1ds-x7e5

vulnerability_id VCID-qkq6-n1ds-x7e5

summary

Inefficient Regular Expression Complexity
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24836

reference_id

reference_type

scores

value	0.01827
scoring_system	epss
scoring_elements	0.83241
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24836

reference_url

http://seclists.org/fulldisclosure/2022/Dec/23

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2022/Dec/23

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd

reference_url

https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4

reference_url

https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer

reference_url

https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT213532

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT213532

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787
reference_id	1009787
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2074346
reference_id	2074346
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2074346

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24836

reference_id

CVE-2022-24836

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24836

reference_url	https://github.com/advisories/GHSA-crjr-9rc5-ghw8
reference_id	GHSA-crjr-9rc5-ghw8
reference_type
scores
url	https://github.com/advisories/GHSA-crjr-9rc5-ghw8

reference_url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

reference_id

GHSA-crjr-9rc5-ghw8

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

reference_url	https://access.redhat.com/errata/RHSA-2022:8506
reference_id	RHSA-2022:8506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8506

fixed_packages

url pkg:gem/nokogiri@1.13.4

purl pkg:gem/nokogiri@1.13.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4

aliases CVE-2022-24836, GHSA-crjr-9rc5-ghw8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qkq6-n1ds-x7e5

url VCID-u9b2-qx2j-c7by

vulnerability_id VCID-u9b2-qx2j-c7by

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5815.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5815

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.29163
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5815

reference_url	https://bugs.chromium.org/p/chromium/issues/detail?id=930663
reference_id
reference_type
scores
url	https://bugs.chromium.org/p/chromium/issues/detail?id=930663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5815.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/2630

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/2630

reference_url

https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1702905
reference_id	1702905
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1702905

reference_url	https://security.archlinux.org/ASA-201904-12
reference_id	ASA-201904-12
reference_type
scores
url	https://security.archlinux.org/ASA-201904-12

reference_url

https://security.archlinux.org/AVG-952

reference_id

AVG-952

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-952

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5815

reference_id

CVE-2019-5815

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5815

reference_url	https://security.gentoo.org/glsa/201908-18
reference_id	GLSA-201908-18
reference_type
scores
url	https://security.gentoo.org/glsa/201908-18

reference_url	https://access.redhat.com/errata/RHSA-2019:1021
reference_id	RHSA-2019:1021
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1021

fixed_packages

url pkg:gem/nokogiri@1.10.4

purl pkg:gem/nokogiri@1.10.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.4

url pkg:gem/nokogiri@1.10.5

purl pkg:gem/nokogiri@1.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5

aliases CVE-2019-5815, GHSA-vmfx-gcfq-wvm2

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9b2-qx2j-c7by

url VCID-ueh5-fv4d-a7a8

vulnerability_id VCID-ueh5-fv4d-a7a8

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15412

reference_id

reference_type

scores

value	0.02535
scoring_system	epss
scoring_elements	0.85726
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15412

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=783160

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.gnome.org/show_bug.cgi?id=783160

reference_url

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html

reference_url

https://crbug.com/727039

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://crbug.com/727039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_url

https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html

reference_url

https://security.gentoo.org/glsa/201801-03

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201801-03

reference_url

https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348

reference_url

https://www.debian.org/security/2018/dsa-4086

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4086

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1523128
reference_id	1523128
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1523128

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790
reference_id	883790
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790

reference_url	https://security.archlinux.org/ASA-201712-5
reference_id	ASA-201712-5
reference_type
scores
url	https://security.archlinux.org/ASA-201712-5

reference_url

https://security.archlinux.org/AVG-544

reference_id

AVG-544

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-544

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15412

reference_id

CVE-2017-15412

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15412

reference_url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html
reference_id	CVE-2017-15412.HTML
reference_type
scores
url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html

reference_url

https://access.redhat.com/errata/RHSA-2017:3401

reference_id

RHSA-2017:3401

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3401

reference_url

https://access.redhat.com/errata/RHSA-2018:0287

reference_id

RHSA-2018:0287

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0287

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

fixed_packages

url pkg:gem/nokogiri@1.8.2

purl pkg:gem/nokogiri@1.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-5xuf-r7bj-33fa

vulnerability	VCID-akrb-6bu8-nqfq

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-ft4s-195a-8fcf

vulnerability	VCID-gwrv-agck-yuex

vulnerability	VCID-jvd7-7jes-4ffn

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-u9b2-qx2j-c7by

vulnerability	VCID-uk9u-nn9a-4yes

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

vulnerability	VCID-zx33-nyvt-vbe9

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.8.2

aliases CVE-2017-15412, GHSA-r58r-74gx-6wx3

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ueh5-fv4d-a7a8

url VCID-uk9u-nn9a-4yes

vulnerability_id VCID-uk9u-nn9a-4yes

summary multiple issues

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18197.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18197

reference_id

reference_type

scores

value	0.04534
scoring_system	epss
scoring_elements	0.89355
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18197

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-18197.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/01ab95f3e37429ed8d3b380a8d2f73902eb325d9/CHANGELOG.md?plain=1#L934

reference_url

https://github.com/sparklemotion/nokogiri/issues/1943

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1943

reference_url

https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00037.html

reference_url

https://security.netapp.com/advisory/ntap-20191031-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20191031-0004

reference_url

https://security.netapp.com/advisory/ntap-20200416-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200416-0004

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

http://www.openwall.com/lists/oss-security/2019/11/17/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

http://www.openwall.com/lists/oss-security/2019/11/17/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1770768
reference_id	1770768
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1770768

reference_url

reference_id

4164-1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

https://security.archlinux.org/AVG-1092

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646
reference_id	942646
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942646

reference_url	https://security.archlinux.org/ASA-202002-3
reference_id	ASA-202002-3
reference_type
scores
url	https://security.archlinux.org/ASA-202002-3

reference_url

reference_id

AVG-1092

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1092

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-18197

reference_id

CVE-2019-18197

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-18197

reference_url

https://security.netapp.com/advisory/ntap-20191031-0004/

reference_id

ntap-20191031-0004

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

https://security.netapp.com/advisory/ntap-20191031-0004/

reference_url

https://security.netapp.com/advisory/ntap-20200416-0004/

reference_id

ntap-20200416-0004

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

https://security.netapp.com/advisory/ntap-20200416-0004/

reference_url

https://access.redhat.com/errata/RHSA-2020:0514

reference_id

RHSA-2020:0514

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-28T18:27:54Z/

url

https://access.redhat.com/errata/RHSA-2020:0514

reference_url	https://access.redhat.com/errata/RHSA-2020:4005
reference_id	RHSA-2020:4005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4005

reference_url	https://access.redhat.com/errata/RHSA-2020:4464
reference_id	RHSA-2020:4464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4464

fixed_packages

url pkg:gem/nokogiri@1.10.5

purl pkg:gem/nokogiri@1.10.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sh8-bsk3-auct

vulnerability	VCID-2r85-egs8-4be3

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-jxz3-ug52-cuhn

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-pr2j-1118-hqaa

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-qkq6-n1ds-x7e5

vulnerability	VCID-wnj6-hc4g-ykfs

vulnerability	VCID-yrjg-2aw9-effx

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.10.5

aliases CVE-2019-18197, GHSA-242x-7cm6-4w8j

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uk9u-nn9a-4yes

url VCID-wnj6-hc4g-ykfs

vulnerability_id VCID-wnj6-hc4g-ykfs

summary

Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
## Summary

Nokogiri v1.18.8 upgrades its dependency libxml2 to
[v2.13.8](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8).

libxml2 v2.13.8 addresses:

- CVE-2025-32414
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
- CVE-2025-32415
  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890

## Impact

### CVE-2025-32414: No impact

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds
memory access can occur in the Python API (Python bindings) because
of an incorrect return value. This occurs in xmlPythonFileRead and
xmlPythonFileReadRaw because of a difference between bytes and characters.

**There is no impact** from this CVE for Nokogiri users.

### CVE-2025-32415: Low impact

In libxml2 before 2.13.8 and 2.14.x before 2.14.2,
xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer
under-read. To exploit this, a crafted XML document must be validated
against an XML schema with certain identity constraints, or a
crafted XML schema must be used.

In the upstream issue, further context is provided by the maintainer:

> The bug affects validation against untrusted XML Schemas (.xsd)
> and validation of untrusted documents against trusted Schemas if
> they make use of xsd:keyref in combination with recursively
> defined types that have additional identity constraints.

MITRE has published a severity score of 2.9 LOW
(CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) for this CVE.

references

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/889

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/889

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/890

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/890

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8

reference_url	https://github.com/advisories/GHSA-5w6v-399v-w3cc
reference_id	GHSA-5w6v-399v-w3cc
reference_type
scores
url	https://github.com/advisories/GHSA-5w6v-399v-w3cc

fixed_packages

url pkg:gem/nokogiri@1.18.8

purl pkg:gem/nokogiri@1.18.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-pb6j-zdqw-g7cj

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.8

aliases GHSA-5w6v-399v-w3cc

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wnj6-hc4g-ykfs

url VCID-yrjg-2aw9-effx

vulnerability_id VCID-yrjg-2aw9-effx

summary

Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
### Summary

Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to [v2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4) from v2.10.3.

libxml2 v2.10.4 addresses the following known vulnerabilities:

- [CVE-2023-29469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469): Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484): Fix null deref in xmlSchemaFixupComplexType
- Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK

Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.14.3`, and only if the _packaged_ libraries are being used. If you've overridden defaults at installation time to use _system_ libraries instead of packaged libraries, you should instead pay attention to your distro's `libxml2` release announcements.


### Mitigation

Upgrade to Nokogiri `>= 1.14.3`.

Users who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile and link Nokogiri against external libraries libxml2 `>= 2.10.4` which will also address these same issues.


### Impact

No public information has yet been published about the security-related issues other than the upstream commits. Examination of those changesets indicate that the more serious issues relate to libxml2 dereferencing NULL pointers and potentially segfaulting while parsing untrusted inputs.

The commits can be examined at:

- [[CVE-2023-29469] Hashing of empty dict strings isn't deterministic (09a2dd45) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64)
- [[CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType (647e072e) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f)
- [schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK (4c6922f7) · Commits · GNOME / libxml2 · GitLab](https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6)

references

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_url	https://github.com/advisories/GHSA-pxvg-2qj5-37jq
reference_id	GHSA-pxvg-2qj5-37jq
reference_type
scores
url	https://github.com/advisories/GHSA-pxvg-2qj5-37jq

reference_url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq

reference_id

GHSA-pxvg-2qj5-37jq

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq

fixed_packages

url pkg:gem/nokogiri@1.14.3

purl pkg:gem/nokogiri@1.14.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-chdv-jk6d-uuga

vulnerability	VCID-d13x-y75t-2ugx

vulnerability	VCID-p6m6-7kgc-y3g8

vulnerability	VCID-pb6j-zdqw-g7cj

vulnerability	VCID-q3td-7t4g-57ba

vulnerability	VCID-wnj6-hc4g-ykfs

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.14.3

aliases GHSA-pxvg-2qj5-37jq, GMS-2023-1115

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yrjg-2aw9-effx

url VCID-zx33-nyvt-vbe9

vulnerability_id VCID-zx33-nyvt-vbe9

summary

Rexical Command Injection Vulnerability
A command injection vulnerability appears in code generated by the Rexical
gem versions v1.0.6 and earlier. It allows commands to be executed in a
subprocess by Ruby's `Kernel.open` method.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5477

reference_id

reference_type

scores

value	0.09316
scoring_system	epss
scoring_elements	0.92907
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5477

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url