{"url":"http://public2.vulnerablecode.io/api/packages/490654?format=json","purl":"pkg:npm/xmldom@0.1.12","type":"npm","namespace":"","name":"xmldom","version":"0.1.12","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28624?format=json","vulnerability_id":"VCID-36ef-k7sp-n3d9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41675.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41675.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41675","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06362","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06348","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0637","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06381","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41675"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41675"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/xmldom/xmldom","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41675","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41675"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.8.13","reference_id":"0.8.13","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:43:50Z/"}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.8.13"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.9.10","reference_id":"0.9.10","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:43:50Z/"}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.9.10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467629","reference_id":"2467629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467629"},{"reference_url":"https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2","reference_id":"7207a4b0e0bcc228868075ed991665ef9f73b1c2","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:43:50Z/"}],"url":"https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2"},{"reference_url":"https://github.com/advisories/GHSA-x6wf-f3px-wcqx","reference_id":"GHSA-x6wf-f3px-wcqx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x6wf-f3px-wcqx"},{"reference_url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx","reference_id":"GHSA-x6wf-f3px-wcqx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:43:50Z/"}],"url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx"}],"fixed_packages":[],"aliases":["CVE-2026-41675","GHSA-x6wf-f3px-wcqx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36ef-k7sp-n3d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208528?format=json","vulnerability_id":"VCID-7mj9-92bb-5khe","summary":"xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32796.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32796","reference_id":"","reference_type":"","scores":[{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.78871","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.78937","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.78954","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01146","scoring_system":"epss","scoring_elements":"0.78951","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32796"},{"reference_url":"https://github.com/xmldom/xmldom","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom"},{"reference_url":"https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b"},{"reference_url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q"},{"reference_url":"https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities"},{"reference_url":"https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/","reference_id":"","reference_type":"","scores":[],"url":"https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/"},{"reference_url":"https://mattermost.com/blog/securing-xml-implementations-across-the-web","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mattermost.com/blog/securing-xml-implementations-across-the-web"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32796","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32796"},{"reference_url":"https://www.npmjs.com/package/@xmldom/xmldom","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/@xmldom/xmldom"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1987330","reference_id":"1987330","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1987330"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991612","reference_id":"991612","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991612"},{"reference_url":"https://github.com/advisories/GHSA-5fg8-2547-mr8q","reference_id":"GHSA-5fg8-2547-mr8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5fg8-2547-mr8q"}],"fixed_packages":[],"aliases":["CVE-2021-32796","GHSA-5fg8-2547-mr8q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mj9-92bb-5khe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28621?format=json","vulnerability_id":"VCID-9aau-6eq7-fygj","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41672.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41672","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23808","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2399","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24012","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24004","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41672"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/xmldom/xmldom","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41672","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41672"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.8.13","reference_id":"0.8.13","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:11:04Z/"}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.8.13"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.9.10","reference_id":"0.9.10","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:11:04Z/"}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.9.10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467631","reference_id":"2467631","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467631"},{"reference_url":"https://github.com/xmldom/xmldom/pull/987","reference_id":"987","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:11:04Z/"}],"url":"https://github.com/xmldom/xmldom/pull/987"},{"reference_url":"https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7","reference_id":"b397540889086da868c30c366ad5c220d1a750c7","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:11:04Z/"}],"url":"https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7"},{"reference_url":"https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1","reference_id":"fda7cc313de30243fea35cada64e0bb12099c2a1","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:11:04Z/"}],"url":"https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1"},{"reference_url":"https://github.com/advisories/GHSA-j759-j44w-7fr8","reference_id":"GHSA-j759-j44w-7fr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j759-j44w-7fr8"},{"reference_url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8","reference_id":"GHSA-j759-j44w-7fr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:11:04Z/"}],"url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8"}],"fixed_packages":[],"aliases":["CVE-2026-41672","GHSA-j759-j44w-7fr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9aau-6eq7-fygj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28371?format=json","vulnerability_id":"VCID-dee8-pr8u-zff7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34601.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34601.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34601","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05682","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05691","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.057","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05707","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34601"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/xmldom/xmldom","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34601","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34601"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.8.12","reference_id":"0.8.12","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:02:29Z/"}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.8.12"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.9.9","reference_id":"0.9.9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:02:29Z/"}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.9.9"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132714","reference_id":"1132714","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132714"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454595","reference_id":"2454595","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454595"},{"reference_url":"https://github.com/xmldom/xmldom/commit/2b852e836ab86dbbd6cbaf0537f584dd0b5ac184","reference_id":"2b852e836ab86dbbd6cbaf0537f584dd0b5ac184","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:02:29Z/"}],"url":"https://github.com/xmldom/xmldom/commit/2b852e836ab86dbbd6cbaf0537f584dd0b5ac184"},{"reference_url":"https://github.com/advisories/GHSA-wh4c-j3r5-mjhp","reference_id":"GHSA-wh4c-j3r5-mjhp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh4c-j3r5-mjhp"},{"reference_url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp","reference_id":"GHSA-wh4c-j3r5-mjhp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T16:02:29Z/"}],"url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"}],"fixed_packages":[],"aliases":["CVE-2026-34601","GHSA-wh4c-j3r5-mjhp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dee8-pr8u-zff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28623?format=json","vulnerability_id":"VCID-e297-qujn-gyc2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41674.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41674.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41674","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06362","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06348","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0637","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06381","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41674"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/xmldom/xmldom","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41674","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41674"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.8.13","reference_id":"0.8.13","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:35:22Z/"}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.8.13"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.9.10","reference_id":"0.9.10","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:35:22Z/"}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.9.10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467620","reference_id":"2467620","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467620"},{"reference_url":"https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314","reference_id":"372008f9ae0e20fd69f761c7b79e202598267314","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:35:22Z/"}],"url":"https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314"},{"reference_url":"https://github.com/advisories/GHSA-f6ww-3ggp-fr8h","reference_id":"GHSA-f6ww-3ggp-fr8h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f6ww-3ggp-fr8h"},{"reference_url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h","reference_id":"GHSA-f6ww-3ggp-fr8h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T12:35:22Z/"}],"url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20034","reference_id":"RHSA-2026:20034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21338","reference_id":"RHSA-2026:21338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:21703","reference_id":"RHSA-2026:21703","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:21703"}],"fixed_packages":[],"aliases":["CVE-2026-41674","GHSA-f6ww-3ggp-fr8h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e297-qujn-gyc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28622?format=json","vulnerability_id":"VCID-gbzu-517w-d7dy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41673.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41673.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41673","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13705","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13734","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13616","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13733","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41673"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/xmldom/xmldom","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41673","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41673"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.8.13","reference_id":"0.8.13","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.8.13"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.9.10","reference_id":"0.9.10","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.9.10"},{"reference_url":"https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa","reference_id":"17678a2a73ecbd1a2da90f3d47dc23da9cef81aa","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467630","reference_id":"2467630","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467630"},{"reference_url":"https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597","reference_id":"291257493cb0eb6980eda83b162a9c4e6d7d2597","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597"},{"reference_url":"https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f","reference_id":"2d6d6916ed8a4c223db1f6d7560ab4544c465b0f","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f"},{"reference_url":"https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a","reference_id":"430357c7b6333108856e917bf2367afe5ceb6f8a","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a"},{"reference_url":"https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe","reference_id":"4845ef109221df0890825de2822fbe77afba3afe","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe"},{"reference_url":"https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3","reference_id":"8834218c85ac2a4d757b9587c9028e67c2f7b6c3","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3"},{"reference_url":"https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112","reference_id":"8b7cfd1491314abdc347261921d7334ff15f7112","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112"},{"reference_url":"https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb","reference_id":"b0620383abc1df067f3ce1014c43ae1bc1161eeb","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb"},{"reference_url":"https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84","reference_id":"e6edcab6bef5bcdba0b220bb35442aa72f452b84","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84"},{"reference_url":"https://github.com/advisories/GHSA-2v35-w6hq-6mfw","reference_id":"GHSA-2v35-w6hq-6mfw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2v35-w6hq-6mfw"},{"reference_url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw","reference_id":"GHSA-2v35-w6hq-6mfw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T14:08:40Z/"}],"url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw"}],"fixed_packages":[],"aliases":["CVE-2026-41673","GHSA-2v35-w6hq-6mfw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbzu-517w-d7dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208251?format=json","vulnerability_id":"VCID-wsc2-qd4d-6fbt","summary":"xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21366.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21366","reference_id":"","reference_type":"","scores":[{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80452","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80513","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80525","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01344","scoring_system":"epss","scoring_elements":"0.80516","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21366"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21366","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21366"},{"reference_url":"https://github.com/xmldom/xmldom","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom"},{"reference_url":"https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.5.0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.5.0"},{"reference_url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21366","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21366"},{"reference_url":"https://www.npmjs.com/package/xmldom","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/xmldom"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2210851","reference_id":"2210851","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2210851"},{"reference_url":"https://github.com/advisories/GHSA-h6q6-9hqw-rwfv","reference_id":"GHSA-h6q6-9hqw-rwfv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6q6-9hqw-rwfv"},{"reference_url":"https://usn.ubuntu.com/6102-1/","reference_id":"USN-6102-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6102-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383089?format=json","purl":"pkg:npm/xmldom@0.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-36ef-k7sp-n3d9"},{"vulnerability":"VCID-7mj9-92bb-5khe"},{"vulnerability":"VCID-9aau-6eq7-fygj"},{"vulnerability":"VCID-dee8-pr8u-zff7"},{"vulnerability":"VCID-e297-qujn-gyc2"},{"vulnerability":"VCID-gbzu-517w-d7dy"},{"vulnerability":"VCID-y3s2-bbsx-hqg7"},{"vulnerability":"VCID-yhpw-88cq-f3ap"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/xmldom@0.5.0"}],"aliases":["CVE-2021-21366","GHSA-h6q6-9hqw-rwfv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wsc2-qd4d-6fbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209369?format=json","vulnerability_id":"VCID-y3s2-bbsx-hqg7","summary":"A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states \"we are in the process of marking this report as invalid\"; however, some third parties takes the position that \"A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37616","reference_id":"","reference_type":"","scores":[{"value":"0.01245","scoring_system":"epss","scoring_elements":"0.79778","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01245","scoring_system":"epss","scoring_elements":"0.797","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01245","scoring_system":"epss","scoring_elements":"0.79784","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01245","scoring_system":"epss","scoring_elements":"0.79766","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37616"},{"reference_url":"https://github.com/xmldom/xmldom","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom"},{"reference_url":"https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L1"},{"reference_url":"https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/blob/bc36efddf9948aba15618f85dc1addfc2ac9d7b2/lib/dom.js#L3"},{"reference_url":"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md#076","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md#076"},{"reference_url":"https://github.com/xmldom/xmldom/issues/436","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/issues/436"},{"reference_url":"https://github.com/xmldom/xmldom/issues/436#issuecomment-1327776560","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/issues/436#issuecomment-1327776560"},{"reference_url":"https://github.com/xmldom/xmldom/pull/437","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/pull/437"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00023.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00023.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021618","reference_id":"1021618","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021618"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37616","reference_id":"CVE-2022-37616","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37616"},{"reference_url":"https://github.com/advisories/GHSA-9pgh-qqpf-7wqj","reference_id":"GHSA-9pgh-qqpf-7wqj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9pgh-qqpf-7wqj"},{"reference_url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj","reference_id":"GHSA-9pgh-qqpf-7wqj","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj"},{"reference_url":"https://usn.ubuntu.com/6102-1/","reference_id":"USN-6102-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6102-1/"}],"fixed_packages":[],"aliases":["CVE-2022-37616","GHSA-9pgh-qqpf-7wqj"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3s2-bbsx-hqg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168298?format=json","vulnerability_id":"VCID-yhpw-88cq-f3ap","summary":"xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39353.json","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-39353.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39353","reference_id":"","reference_type":"","scores":[{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77728","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77735","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77721","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77653","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39353"},{"reference_url":"https://github.com/xmldom/xmldom","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom"},{"reference_url":"https://github.com/xmldom/xmldom/commit/52a708360c35aa160fcca8621720d71fd0f95f1a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/commit/52a708360c35aa160fcca8621720d71fd0f95f1a"},{"reference_url":"https://github.com/xmldom/xmldom/commit/7ff7c10ab2961703ac1752e95b4ff60ee4ee6643","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/commit/7ff7c10ab2961703ac1752e95b4ff60ee4ee6643"},{"reference_url":"https://github.com/xmldom/xmldom/commit/c02f786216bed70825f9a351c65e61500f51e931","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/commit/c02f786216bed70825f9a351c65e61500f51e931"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.7.7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.7.7"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.8.4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.8.4"},{"reference_url":"https://github.com/xmldom/xmldom/releases/tag/0.9.0-beta.4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/xmldom/xmldom/releases/tag/0.9.0-beta.4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024736","reference_id":"1024736","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024736"},{"reference_url":"https://github.com/jindw/xmldom/issues/150","reference_id":"150","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:39:20Z/"}],"url":"https://github.com/jindw/xmldom/issues/150"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142450","reference_id":"2142450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142450"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39353","reference_id":"CVE-2022-39353","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39353"},{"reference_url":"https://github.com/advisories/GHSA-crh6-fp67-6883","reference_id":"GHSA-crh6-fp67-6883","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crh6-fp67-6883"},{"reference_url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883","reference_id":"GHSA-crh6-fp67-6883","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:39:20Z/"}],"url":"https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:39:20Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00000.html"},{"reference_url":"https://usn.ubuntu.com/6102-1/","reference_id":"USN-6102-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6102-1/"}],"fixed_packages":[],"aliases":["CVE-2022-39353","GHSA-crh6-fp67-6883","GMS-2022-6112","GMS-2022-6132"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhpw-88cq-f3ap"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/xmldom@0.1.12"}