Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/libxml2@2.10.4-r0?arch=ppc64le&distroversion=edge&reponame=main

Type apk

Namespace alpine

Name libxml2

Version 2.10.4-r0

Qualifiers

arch	ppc64le
distroversion	edge
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.12.5-r0

Latest_non_vulnerable_version 2.13.9-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-qpnt-xvgv-s3cq

vulnerability_id VCID-qpnt-xvgv-s3cq

summary This advisory has been invalidated.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28484

reference_id

reference_type

scores

value	0.00249
scoring_system	epss
scoring_elements	0.48197
published_at	2026-04-13T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48186
published_at	2026-04-12T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49179
published_at	2026-04-04T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4915
published_at	2026-04-02T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49181
published_at	2026-04-09T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49184
published_at	2026-04-08T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4913
published_at	2026-04-07T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49199
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/491

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/491

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436
reference_id	1034436
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2185994
reference_id	2185994
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2185994

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-28484
reference_id	CVE-2023-28484
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-28484

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_id

ntap-20230601-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_id

ntap-20240201-0005

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_url	https://access.redhat.com/errata/RHSA-2023:4349
reference_id	RHSA-2023:4349
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4349

reference_url	https://access.redhat.com/errata/RHSA-2023:4529
reference_id	RHSA-2023:4529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4529

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/6028-1/
reference_id	USN-6028-1
reference_type
scores
url	https://usn.ubuntu.com/6028-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url	pkg:apk/alpine/libxml2@2.10.4-r0?arch=ppc64le&distroversion=edge&reponame=main
purl	pkg:apk/alpine/libxml2@2.10.4-r0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libxml2@2.10.4-r0%3Farch=ppc64le&distroversion=edge&reponame=main

aliases CVE-2023-28484

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpnt-xvgv-s3cq

url VCID-x9ej-7dcq-tub2

vulnerability_id VCID-x9ej-7dcq-tub2

summary

Double Free
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29469

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.2209
published_at	2026-04-02T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2196
published_at	2026-04-13T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2214
published_at	2026-04-04T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2191
published_at	2026-04-07T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21991
published_at	2026-04-08T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22046
published_at	2026-04-09T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22061
published_at	2026-04-11T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2202
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/510

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/510

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437
reference_id	1034437
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2185984
reference_id	2185984
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2185984

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-29469
reference_id	CVE-2023-29469
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-29469

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_id

ntap-20230601-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:4349
reference_id	RHSA-2023:4349
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4349

reference_url	https://access.redhat.com/errata/RHSA-2023:4529
reference_id	RHSA-2023:4529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4529

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/6028-1/
reference_id	USN-6028-1
reference_type
scores
url	https://usn.ubuntu.com/6028-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url	pkg:apk/alpine/libxml2@2.10.4-r0?arch=ppc64le&distroversion=edge&reponame=main
purl	pkg:apk/alpine/libxml2@2.10.4-r0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libxml2@2.10.4-r0%3Farch=ppc64le&distroversion=edge&reponame=main

aliases CVE-2023-29469

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9ej-7dcq-tub2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libxml2@2.10.4-r0%3Farch=ppc64le&distroversion=edge&reponame=main

Package Instance