{"url":"http://public2.vulnerablecode.io/api/packages/1937?format=json","purl":"pkg:alpm/archlinux/libxml2@2.9.4%2B4%2Bg3169602-1","type":"alpm","namespace":"archlinux","name":"libxml2","version":"2.9.4+4+g3169602-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.9.4+12+ge905f08-1","latest_non_vulnerable_version":"2.9.14-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4780?format=json","vulnerability_id":"VCID-9m3t-anwb-4fbx","summary":"arbitrary code execution","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4658","reference_id":"","reference_type":"","scores":[{"value":"0.15391","scoring_system":"epss","scoring_elements":"0.94767","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1615","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1615"},{"reference_url":"https://security.gentoo.org/glsa/201701-37","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201701-37"},{"reference_url":"https://support.apple.com/HT207141","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT207141"},{"reference_url":"https://support.apple.com/HT207142","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT207142"},{"reference_url":"https://support.apple.com/HT207143","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT207143"},{"reference_url":"https://support.apple.com/HT207170","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/HT207170"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1384424","reference_id":"1384424","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1384424"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553","reference_id":"840553","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553"},{"reference_url":"https://security.archlinux.org/ASA-201611-2","reference_id":"ASA-201611-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-2"},{"reference_url":"https://security.archlinux.org/AVG-56","reference_id":"AVG-56","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-56"},{"reference_url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html","reference_id":"CVE-2016-4448.HTML","reference_type":"","scores":[],"url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4658","reference_id":"CVE-2016-4658","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4658"},{"reference_url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html","reference_id":"CVE-2016-4658.HTML","reference_type":"","scores":[],"url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html"},{"reference_url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html","reference_id":"CVE-2016-5131.HTML","reference_type":"","scores":[],"url":"http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3810","reference_id":"RHSA-2021:3810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3810"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1938?format=json","purl":"pkg:alpm/archlinux/libxml2@2.9.4%2B12%2Bge905f08-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libxml2@2.9.4%252B12%252Bge905f08-1"}],"aliases":["CVE-2016-4658","GHSA-fr52-4hqw-p27f"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9m3t-anwb-4fbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4779?format=json","vulnerability_id":"VCID-m8d1-5qex-huf8","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5131.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5131","reference_id":"","reference_type":"","scores":[{"value":"0.0369","scoring_system":"epss","scoring_elements":"0.88144","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358641","reference_id":"1358641","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358641"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840554","reference_id":"840554","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840554"},{"reference_url":"https://security.archlinux.org/ASA-201611-2","reference_id":"ASA-201611-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-2"},{"reference_url":"https://security.archlinux.org/AVG-56","reference_id":"AVG-56","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-56"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5131","reference_id":"CVE-2016-5131","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1485","reference_id":"RHSA-2016:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1938?format=json","purl":"pkg:alpm/archlinux/libxml2@2.9.4%2B12%2Bge905f08-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libxml2@2.9.4%252B12%252Bge905f08-1"}],"aliases":["CVE-2016-5131"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m8d1-5qex-huf8"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libxml2@2.9.4%252B4%252Bg3169602-1"}