{"url":"http://public2.vulnerablecode.io/api/packages/517736?format=json","purl":"pkg:gem/nokogiri@1.11.7","type":"gem","namespace":"","name":"nokogiri","version":"1.11.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.19.3","latest_non_vulnerable_version":"1.19.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359435?format=json","vulnerability_id":"VCID-14st-5sfb-jfhk","summary":"Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171\n## Summary\n\nNokogiri v1.18.3 upgrades its dependency libxml2 to\n[v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).\n\nlibxml2 v2.13.6 addresses:\n\n- CVE-2025-24928\n  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847\n- CVE-2024-56171\n   - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828\n\n## Impact\n\n### CVE-2025-24928\n\nStack-buffer overflow is possible when reporting DTD validation\nerrors if the input contains a long (~3kb) QName prefix.\n\n### CVE-2024-56171\n\nUse-after-free is possible during validation against untrusted\nXML Schemas (.xsd) and, potentially, validation of untrusted documents\nagainst trusted Schemas if they make use of `xsd:keyref` in combination\nwith recursively defined types that have additional identity constraints.","references":[{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m"},{"reference_url":"https://github.com/advisories/GHSA-vvfq-8hwr-qm4m","reference_id":"GHSA-vvfq-8hwr-qm4m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vvfq-8hwr-qm4m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377245?format=json","purl":"pkg:gem/nokogiri@1.18.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.3"}],"aliases":["GHSA-vvfq-8hwr-qm4m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-14st-5sfb-jfhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/197186?format=json","vulnerability_id":"VCID-2vtx-kt21-wuac","summary":"xml external entity injection","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41098","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48698","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41098"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41098","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41098"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008914","reference_id":"2008914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008914"},{"reference_url":"https://security.archlinux.org/AVG-2424","reference_id":"AVG-2424","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2424"},{"reference_url":"https://github.com/advisories/GHSA-2rr5-8q37-2w7h","reference_id":"GHSA-2rr5-8q37-2w7h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rr5-8q37-2w7h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382547?format=json","purl":"pkg:gem/nokogiri@1.12.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-49ww-fg7b-zugq"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-ahe3-n9yg-sqgq"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-dbue-58uu-ybaz"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-g8h5-nbxj-y7fe"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-m3bc-ah2t-p3b4"},{"vulnerability":"VCID-nscm-fqz2-fbge"},{"vulnerability":"VCID-pqm3-2t49-rqat"},{"vulnerability":"VCID-s2mc-whzr-sbb8"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-v47q-qyuj-gba7"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-yr3x-bvad-mfcc"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.12.5"}],"aliases":["CVE-2021-41098","GHSA-2rr5-8q37-2w7h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vtx-kt21-wuac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12378?format=json","vulnerability_id":"VCID-49ww-fg7b-zugq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40303","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45982","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nokogiri.org/CHANGELOG.html#1139-2022-10-18","reference_id":"","reference_type":"","scores":[],"url":"https://nokogiri.org/CHANGELOG.html#1139-2022-10-18"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224","reference_id":"1022224","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/21","reference_id":"21","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/21"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136266","reference_id":"2136266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136266"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/24","reference_id":"24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/24"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/25","reference_id":"25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/25"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/26","reference_id":"26","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/26"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/27","reference_id":"27","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/27"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0","reference_id":"c846986356fc149915a74972bf198abc266bc2c0","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40303","reference_id":"CVE-2022-40303","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40303"},{"reference_url":"https://security.gentoo.org/glsa/202210-39","reference_id":"GLSA-202210-39","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-39"},{"reference_url":"https://support.apple.com/kb/HT213531","reference_id":"HT213531","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://support.apple.com/kb/HT213531"},{"reference_url":"https://support.apple.com/kb/HT213533","reference_id":"HT213533","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://support.apple.com/kb/HT213533"},{"reference_url":"https://support.apple.com/kb/HT213534","reference_id":"HT213534","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://support.apple.com/kb/HT213534"},{"reference_url":"https://support.apple.com/kb/HT213535","reference_id":"HT213535","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://support.apple.com/kb/HT213535"},{"reference_url":"https://support.apple.com/kb/HT213536","reference_id":"HT213536","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://support.apple.com/kb/HT213536"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221209-0003/","reference_id":"ntap-20221209-0003","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221209-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0173","reference_id":"RHSA-2023:0173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0338","reference_id":"RHSA-2023:0338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0413","reference_id":"RHSA-2024:0413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0413"},{"reference_url":"https://usn.ubuntu.com/5760-1/","reference_id":"USN-5760-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5760-1/"},{"reference_url":"https://usn.ubuntu.com/5760-2/","reference_id":"USN-5760-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5760-2/"},{"reference_url":"https://usn.ubuntu.com/7659-1/","reference_id":"USN-7659-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7659-1/"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3","reference_id":"v2.10.3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27390?format=json","purl":"pkg:gem/nokogiri@1.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-47qk-3n97-wfb7"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.9"}],"aliases":["CVE-2022-40303"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-49ww-fg7b-zugq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211691?format=json","vulnerability_id":"VCID-8ftz-ajmp-jba8","summary":"Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/discussions/3146","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/discussions/3146"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/92721970"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25062","reference_id":"CVE-2024-25062","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25062"},{"reference_url":"https://github.com/advisories/GHSA-xc9x-jj77-9p9j","reference_id":"GHSA-xc9x-jj77-9p9j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xc9x-jj77-9p9j"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j","reference_id":"GHSA-xc9x-jj77-9p9j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml","reference_id":"GHSA-xc9x-jj77-9p9j.yml","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28756?format=json","purl":"pkg:gem/nokogiri@1.15.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.15.6"},{"url":"http://public2.vulnerablecode.io/api/packages/691038?format=json","purl":"pkg:gem/nokogiri@1.16.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/28755?format=json","purl":"pkg:gem/nokogiri@1.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.2"}],"aliases":["GHSA-xc9x-jj77-9p9j","GMS-2024-127"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ftz-ajmp-jba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11508?format=json","vulnerability_id":"VCID-ahe3-n9yg-sqgq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23308","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22511","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489","reference_id":"1006489","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2056913","reference_id":"2056913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2056913"},{"reference_url":"https://security.archlinux.org/AVG-2726","reference_id":"AVG-2726","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2726"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23308","reference_id":"CVE-2022-23308","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23308"},{"reference_url":"https://security.gentoo.org/glsa/202210-03","reference_id":"GLSA-202210-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0899","reference_id":"RHSA-2022:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1389","reference_id":"RHSA-2022:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1390","reference_id":"RHSA-2022:1390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1390"},{"reference_url":"https://usn.ubuntu.com/5324-1/","reference_id":"USN-5324-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5324-1/"},{"reference_url":"https://usn.ubuntu.com/5422-1/","reference_id":"USN-5422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19515?format=json","purl":"pkg:gem/nokogiri@1.13.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-49ww-fg7b-zugq"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-dbue-58uu-ybaz"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-g8h5-nbxj-y7fe"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-m3bc-ah2t-p3b4"},{"vulnerability":"VCID-nscm-fqz2-fbge"},{"vulnerability":"VCID-pqm3-2t49-rqat"},{"vulnerability":"VCID-s2mc-whzr-sbb8"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-v47q-qyuj-gba7"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.2"}],"aliases":["CVE-2022-23308"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahe3-n9yg-sqgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359433?format=json","vulnerability_id":"VCID-bfux-puuz-p3fb","summary":"Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs\n## Summary\n\nNokogiri v1.18.4 upgrades its dependency libxslt to\n[v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43).\n\nlibxslt v1.1.43 resolves:\n\n- CVE-2025-24855: Fix use-after-free of XPath context node\n- CVE-2024-55549: Fix UAF related to excluded namespaces\n\n## Impact\n\n### CVE-2025-24855\n\n- \"Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node\"\n- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H\n- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128\n- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855\n\n### CVE-2024-55549\n\n- \"Use-after-free related to excluded result prefixes\"\n- MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H\n- Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127\n- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-mrxw-mxhj-p664"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55549","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55549"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24855","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24855"},{"reference_url":"https://github.com/advisories/GHSA-mrxw-mxhj-p664","reference_id":"GHSA-mrxw-mxhj-p664","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mrxw-mxhj-p664"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377971?format=json","purl":"pkg:gem/nokogiri@1.18.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.4"}],"aliases":["GHSA-mrxw-mxhj-p664"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bfux-puuz-p3fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12379?format=json","vulnerability_id":"VCID-dbue-58uu-ybaz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40304","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.446","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nokogiri.org/CHANGELOG.html#1139-2022-10-18","reference_id":"","reference_type":"","scores":[],"url":"https://nokogiri.org/CHANGELOG.html#1139-2022-10-18"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225","reference_id":"1022225","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b","reference_id":"1b41ec4e9433b05bb0376be4725804c54ef1d80b","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/21","reference_id":"21","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/21"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136288","reference_id":"2136288","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2136288"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/24","reference_id":"24","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/24"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/25","reference_id":"25","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/25"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/26","reference_id":"26","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/26"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/27","reference_id":"27","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Dec/27"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40304","reference_id":"CVE-2022-40304","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40304"},{"reference_url":"https://security.gentoo.org/glsa/202210-39","reference_id":"GLSA-202210-39","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-39"},{"reference_url":"https://support.apple.com/kb/HT213531","reference_id":"HT213531","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://support.apple.com/kb/HT213531"},{"reference_url":"https://support.apple.com/kb/HT213533","reference_id":"HT213533","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://support.apple.com/kb/HT213533"},{"reference_url":"https://support.apple.com/kb/HT213534","reference_id":"HT213534","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://support.apple.com/kb/HT213534"},{"reference_url":"https://support.apple.com/kb/HT213535","reference_id":"HT213535","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://support.apple.com/kb/HT213535"},{"reference_url":"https://support.apple.com/kb/HT213536","reference_id":"HT213536","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://support.apple.com/kb/HT213536"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221209-0003/","reference_id":"ntap-20221209-0003","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221209-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0173","reference_id":"RHSA-2023:0173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0338","reference_id":"RHSA-2023:0338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0413","reference_id":"RHSA-2024:0413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0413"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags","reference_id":"tags","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags"},{"reference_url":"https://usn.ubuntu.com/5760-1/","reference_id":"USN-5760-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5760-1/"},{"reference_url":"https://usn.ubuntu.com/5760-2/","reference_id":"USN-5760-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5760-2/"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3","reference_id":"v2.10.3","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27390?format=json","purl":"pkg:gem/nokogiri@1.13.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-47qk-3n97-wfb7"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.9"}],"aliases":["CVE-2022-40304"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dbue-58uu-ybaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359439?format=json","vulnerability_id":"VCID-df5z-dpbb-r7cv","summary":"Update packaged libxml2 to v2.10.4 to resolve multiple CVEs\n### Summary\n\nNokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to\n[v2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4) from v2.10.3.\n\nlibxml2 v2.10.4 addresses the following known vulnerabilities:\n\n- [CVE-2023-29469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469): Hashing of\n  empty dict strings isn't deterministic\n- [CVE-2023-28484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484): Fix null deref\n  in xmlSchemaFixupComplexType\n- Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK\n\nPlease note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.14.3`,\nand only if the _packaged_ libraries are being used. If you've overridden defaults at installation\ntime to use _system_ libraries instead of packaged libraries, you should instead pay attention to\nyour distro's `libxml2` release announcements.\n\n\n### Mitigation\n\nUpgrade to Nokogiri `>= 1.14.3`.\n\nUsers who are unable to upgrade Nokogiri may also choose a more complicated mitigation: compile\nand link Nokogiri against external libraries libxml2 `>= 2.10.4` which will also address these\nsame issues.\n\n\n### Impact\n\nNo public information has yet been published about the security-related issues other than the\nupstream commits. Examination of those changesets indicate that the more serious issues relate to\nlibxml2 dereferencing NULL pointers and potentially segfaulting while parsing untrusted inputs.\n\nThe commits can be examined at:\n\n- [\\[CVE-2023-29469\\] Hashing of empty dict strings isn't deterministic (09a2dd45)](https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64)\n- [\\[CVE-2023-28484\\] Fix null deref in xmlSchemaFixupComplexType (647e072e)](https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f)\n- [schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK (4c6922f7)](https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6)","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-pxvg-2qj5-37jq"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f"},{"reference_url":"https://github.com/advisories/GHSA-pxvg-2qj5-37jq","reference_id":"GHSA-pxvg-2qj5-37jq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pxvg-2qj5-37jq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379347?format=json","purl":"pkg:gem/nokogiri@1.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.14.3"}],"aliases":["GHSA-pxvg-2qj5-37jq","GMS-2023-1115"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-df5z-dpbb-r7cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11849?format=json","vulnerability_id":"VCID-g8h5-nbxj-y7fe","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29181","reference_id":"","reference_type":"","scores":[{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88956","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29181","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29181"},{"reference_url":"https://support.apple.com/kb/HT213532","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT213532"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2088684","reference_id":"2088684","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2088684"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7","reference_id":"83cc451c3f29df397caa890afc3b714eae6ab8f7","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/"}],"url":"https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267","reference_id":"db05ba9a1bd4b90aa6c76742cf6102a7c7297267","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/"}],"url":"https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267"},{"reference_url":"https://github.com/advisories/GHSA-xh29-r2w5-wx8m","reference_id":"GHSA-xh29-r2w5-wx8m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xh29-r2w5-wx8m"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m","reference_id":"GHSA-xh29-r2w5-wx8m","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/"}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri","reference_id":"GHSL-2022-031_GHSL-2022-032_Nokogiri","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/"}],"url":"https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri"},{"reference_url":"https://security.gentoo.org/glsa/202208-29","reference_id":"GLSA-202208-29","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8506","reference_id":"RHSA-2022:8506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8506"},{"reference_url":"https://usn.ubuntu.com/7659-1/","reference_id":"USN-7659-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7659-1/"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6","reference_id":"v1.13.6","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/"}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386593?format=json","purl":"pkg:gem/nokogiri@1.13.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-49ww-fg7b-zugq"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-dbue-58uu-ybaz"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.6"}],"aliases":["CVE-2022-29181","GHSA-xh29-r2w5-wx8m"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8h5-nbxj-y7fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211732?format=json","vulnerability_id":"VCID-gbwe-1wq8-83bf","summary":"Duplicate Advisory: Use-after-free in libxml2 via Nokogiri::XML::Reader","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/advisories/GHSA-vcc3-rw6f-jv97","reference_id":"GHSA-vcc3-rw6f-jv97","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcc3-rw6f-jv97"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j","reference_id":"GHSA-xc9x-jj77-9p9j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml","reference_id":"GHSA-xc9x-jj77-9p9j.yml","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-xc9x-jj77-9p9j.yml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28756?format=json","purl":"pkg:gem/nokogiri@1.15.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.15.6"},{"url":"http://public2.vulnerablecode.io/api/packages/28755?format=json","purl":"pkg:gem/nokogiri@1.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.2"}],"aliases":["GHSA-vcc3-rw6f-jv97"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbwe-1wq8-83bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212597?format=json","vulnerability_id":"VCID-m2bp-rxcw-myg9","summary":"Nokogiri does not check the return value from xmlC14NExecute","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/advisories/GHSA-wx95-c6cv-8532","reference_id":"GHSA-wx95-c6cv-8532","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wx95-c6cv-8532"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532","reference_id":"GHSA-wx95-c6cv-8532","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39371?format=json","purl":"pkg:gem/nokogiri@1.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-w48v-grqb-u3gz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.19.1"}],"aliases":["GHSA-wx95-c6cv-8532"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2bp-rxcw-myg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208746?format=json","vulnerability_id":"VCID-m3bc-ah2t-p3b4","summary":"Out-of-bounds Write in zlib affects Nokogiri","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25032","reference_id":"CVE-2018-25032","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25032"},{"reference_url":"https://github.com/advisories/GHSA-jc36-42cf-vqwj","reference_id":"GHSA-jc36-42cf-vqwj","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc36-42cf-vqwj"},{"reference_url":"https://github.com/advisories/GHSA-v6gp-9mmm-c6p5","reference_id":"GHSA-v6gp-9mmm-c6p5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6gp-9mmm-c6p5"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5","reference_id":"GHSA-v6gp-9mmm-c6p5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19854?format=json","purl":"pkg:gem/nokogiri@1.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-49ww-fg7b-zugq"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-dbue-58uu-ybaz"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-g8h5-nbxj-y7fe"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4"}],"aliases":["GHSA-v6gp-9mmm-c6p5","GMS-2022-787"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m3bc-ah2t-p3b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11616?format=json","vulnerability_id":"VCID-nscm-fqz2-fbge","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24836","reference_id":"","reference_type":"","scores":[{"value":"0.01827","scoring_system":"epss","scoring_elements":"0.83305","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/"},{"reference_url":"https://support.apple.com/kb/HT213532","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT213532"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787","reference_id":"1009787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074346","reference_id":"2074346","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074346"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24836","reference_id":"CVE-2022-24836","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24836"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml","reference_id":"CVE-2022-24836.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml"},{"reference_url":"https://github.com/advisories/GHSA-crjr-9rc5-ghw8","reference_id":"GHSA-crjr-9rc5-ghw8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crjr-9rc5-ghw8"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8","reference_id":"GHSA-crjr-9rc5-ghw8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8"},{"reference_url":"https://security.gentoo.org/glsa/202208-29","reference_id":"GLSA-202208-29","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8506","reference_id":"RHSA-2022:8506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8506"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19854?format=json","purl":"pkg:gem/nokogiri@1.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-49ww-fg7b-zugq"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-dbue-58uu-ybaz"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-g8h5-nbxj-y7fe"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4"}],"aliases":["CVE-2022-24836","GHSA-crjr-9rc5-ghw8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nscm-fqz2-fbge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208748?format=json","vulnerability_id":"VCID-pqm3-2t49-rqat","summary":"Denial of Service (DoS) in Nokogiri on JRuby","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24839","reference_id":"CVE-2022-24839","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24839"},{"reference_url":"https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv","reference_id":"GHSA-9849-p7jc-9rmv","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv"},{"reference_url":"https://github.com/advisories/GHSA-gx8x-g87m-h5q6","reference_id":"GHSA-gx8x-g87m-h5q6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gx8x-g87m-h5q6"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-gx8x-g87m-h5q6","reference_id":"GHSA-gx8x-g87m-h5q6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-gx8x-g87m-h5q6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19854?format=json","purl":"pkg:gem/nokogiri@1.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-49ww-fg7b-zugq"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-dbue-58uu-ybaz"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-g8h5-nbxj-y7fe"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4"}],"aliases":["GHSA-gx8x-g87m-h5q6","GMS-2022-786"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqm3-2t49-rqat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5388?format=json","vulnerability_id":"VCID-s2mc-whzr-sbb8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25032","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25385","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220526-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220526-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220729-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220729-0004"},{"reference_url":"https://www.openwall.com/lists/oss-security/2022/03/24/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://www.openwall.com/lists/oss-security/2022/03/24/1"},{"reference_url":"https://www.openwall.com/lists/oss-security/2022/03/28/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://www.openwall.com/lists/oss-security/2022/03/28/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/03/26/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/03/26/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008265","reference_id":"1008265","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008265"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/03/25/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/03/25/2"},{"reference_url":"https://security.gentoo.org/glsa/202210-42","reference_id":"202210-42","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://security.gentoo.org/glsa/202210-42"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067945","reference_id":"2067945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2067945"},{"reference_url":"https://www.openwall.com/lists/oss-security/2022/03/28/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://www.openwall.com/lists/oss-security/2022/03/28/3"},{"reference_url":"http://seclists.org/fulldisclosure/2022/May/33","reference_id":"33","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"http://seclists.org/fulldisclosure/2022/May/33"},{"reference_url":"http://seclists.org/fulldisclosure/2022/May/35","reference_id":"35","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"http://seclists.org/fulldisclosure/2022/May/35"},{"reference_url":"http://seclists.org/fulldisclosure/2022/May/38","reference_id":"38","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"http://seclists.org/fulldisclosure/2022/May/38"},{"reference_url":"https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531","reference_id":"5c44459c3b28a9bd3283aaceab7c615f8020c531","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531"},{"reference_url":"https://github.com/madler/zlib/issues/605","reference_id":"605","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://github.com/madler/zlib/issues/605"},{"reference_url":"https://security.archlinux.org/ASA-202204-3","reference_id":"ASA-202204-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-3"},{"reference_url":"https://security.archlinux.org/AVG-2657","reference_id":"AVG-2657","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2657"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"cpujul2022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25032","reference_id":"CVE-2018-25032","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25032"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml","reference_id":"CVE-2018-25032.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/","reference_id":"DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/","reference_id":"DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"},{"reference_url":"https://www.debian.org/security/2022/dsa-5111","reference_id":"dsa-5111","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://www.debian.org/security/2022/dsa-5111"},{"reference_url":"https://github.com/advisories/GHSA-jc36-42cf-vqwj","reference_id":"GHSA-jc36-42cf-vqwj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc36-42cf-vqwj"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5","reference_id":"GHSA-v6gp-9mmm-c6p5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5"},{"reference_url":"https://security.gentoo.org/glsa/202405-22","reference_id":"GLSA-202405-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-22"},{"reference_url":"https://support.apple.com/kb/HT213255","reference_id":"HT213255","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://support.apple.com/kb/HT213255"},{"reference_url":"https://support.apple.com/kb/HT213256","reference_id":"HT213256","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://support.apple.com/kb/HT213256"},{"reference_url":"https://support.apple.com/kb/HT213257","reference_id":"HT213257","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://support.apple.com/kb/HT213257"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/","reference_id":"JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html","reference_id":"msg00023.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/","reference_id":"NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220526-0009/","reference_id":"ntap-20220526-0009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220526-0009/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220729-0004/","reference_id":"ntap-20220729-0004","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220729-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1591","reference_id":"RHSA-2022:1591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1642","reference_id":"RHSA-2022:1642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1661","reference_id":"RHSA-2022:1661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2192","reference_id":"RHSA-2022:2192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2197","reference_id":"RHSA-2022:2197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2198","reference_id":"RHSA-2022:2198","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2198"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2201","reference_id":"RHSA-2022:2201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2213","reference_id":"RHSA-2022:2213","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2213"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2214","reference_id":"RHSA-2022:2214","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2214"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4584","reference_id":"RHSA-2022:4584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4592","reference_id":"RHSA-2022:4592","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4845","reference_id":"RHSA-2022:4845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4896","reference_id":"RHSA-2022:4896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5439","reference_id":"RHSA-2022:5439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7813","reference_id":"RHSA-2022:7813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8420","reference_id":"RHSA-2022:8420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0943","reference_id":"RHSA-2023:0943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0975","reference_id":"RHSA-2023:0975","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0975"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0976","reference_id":"RHSA-2023:0976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0976"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf","reference_id":"ssa-333517.pdf","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"},{"reference_url":"https://usn.ubuntu.com/5355-1/","reference_id":"USN-5355-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5355-1/"},{"reference_url":"https://usn.ubuntu.com/5355-2/","reference_id":"USN-5355-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5355-2/"},{"reference_url":"https://usn.ubuntu.com/5359-1/","reference_id":"USN-5359-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5359-1/"},{"reference_url":"https://usn.ubuntu.com/5359-2/","reference_id":"USN-5359-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5359-2/"},{"reference_url":"https://usn.ubuntu.com/5739-1/","reference_id":"USN-5739-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5739-1/"},{"reference_url":"https://usn.ubuntu.com/6736-1/","reference_id":"USN-6736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6736-1/"},{"reference_url":"https://usn.ubuntu.com/6736-2/","reference_id":"USN-6736-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6736-2/"},{"reference_url":"https://github.com/madler/zlib/compare/v1.2.11...v1.2.12","reference_id":"v1.2.11...v1.2.12","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://github.com/madler/zlib/compare/v1.2.11...v1.2.12"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/","reference_id":"VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/","reference_id":"XOKFMSNQ5D5WGMALBNBXU3GE442V74WU","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:25Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19854?format=json","purl":"pkg:gem/nokogiri@1.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-49ww-fg7b-zugq"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-dbue-58uu-ybaz"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-g8h5-nbxj-y7fe"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4"}],"aliases":["CVE-2018-25032","GHSA-jc36-42cf-vqwj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2mc-whzr-sbb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359434?format=json","vulnerability_id":"VCID-tntw-mt23-k7gh","summary":"Nokogiri XSLT transform has a memory leak\n## Summary\n\nNokogiri's `Nokogiri::XSLT::Stylesheet#transform` leaks a small heap allocation when passed a Ruby string parameter containing a null byte.\n\nFor applications that pass attacker-controlled input through `XSLT.transform` parameters, this may be a vector for a denial of service attack against long-running processes.\n\n\n## Mitigation\n\nUpgrade to Nokogiri `>= 1.19.3`.\n\nUsers may also be able to mitigate this issue without upgrading by validating untrusted transform parameters before passing them to `Nokogiri::XSLT::Stylesheet#transform`.\n\n\n## Severity\n\nThe Nokogiri maintainers have evaluated this as **Moderate Severity**, CVSS 5.3.\n\nEach leaked allocation is approximately 24–32 bytes, so meaningful memory growth requires sustained attacker-controlled traffic at high call rates. The bug does not cause memory corruption, information disclosure, or any change in the behavior of the transform itself, and the string-handling exception is raised as expected.\n\nApplications that do not pass raw attacker-controlled bytes to XSLT parameters are unlikely to be affected in practice.\n\n\n## Resources\n\n- [CWE-401: Missing Release of Memory after Effective Lifetime](https://cwe.mitre.org/data/definitions/401.html)\n\n\n## Credit\n\nThis vulnerability was responsibly reported by @Captainjack-kor.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v2fc-qm4h-8hqv"},{"reference_url":"https://github.com/advisories/GHSA-v2fc-qm4h-8hqv","reference_id":"GHSA-v2fc-qm4h-8hqv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v2fc-qm4h-8hqv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375402?format=json","purl":"pkg:gem/nokogiri@1.19.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.19.3"}],"aliases":["GHSA-v2fc-qm4h-8hqv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tntw-mt23-k7gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359431?format=json","vulnerability_id":"VCID-umph-eaje-7khu","summary":"Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415\n## Summary\n\nNokogiri v1.18.8 upgrades its dependency libxml2 to\n[v2.13.8](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8).\n\nlibxml2 v2.13.8 addresses:\n\n- CVE-2025-32414\n  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/889\n- CVE-2025-32415\n  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/890\n\n## Impact\n\n### CVE-2025-32414: No impact\n\nIn libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds\nmemory access can occur in the Python API (Python bindings) because\nof an incorrect return value. This occurs in xmlPythonFileRead and\nxmlPythonFileReadRaw because of a difference between bytes and characters.\n\n**There is no impact** from this CVE for Nokogiri users.\n\n### CVE-2025-32415: Low impact\n\nIn libxml2 before 2.13.8 and 2.14.x before 2.14.2,\nxmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer\nunder-read. To exploit this, a crafted XML document must be validated\nagainst an XML schema with certain identity constraints, or a\ncrafted XML schema must be used.\n\nIn the upstream issue, further context is provided by the maintainer:\n\n> The bug affects validation against untrusted XML Schemas (.xsd)\n> and validation of untrusted documents against trusted Schemas if\n> they make use of xsd:keyref in combination with recursively\n> defined types that have additional identity constraints.\n\nMITRE has published a severity score of 2.9 LOW\n(CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) for this CVE.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-5w6v-399v-w3cc"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.8"},{"reference_url":"https://github.com/advisories/GHSA-5w6v-399v-w3cc","reference_id":"GHSA-5w6v-399v-w3cc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5w6v-399v-w3cc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376551?format=json","purl":"pkg:gem/nokogiri@1.18.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.8"}],"aliases":["GHSA-5w6v-399v-w3cc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umph-eaje-7khu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208747?format=json","vulnerability_id":"VCID-v47q-qyuj-gba7","summary":"XML Injection in Xerces Java affects Nokogiri","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23437","reference_id":"CVE-2022-23437","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23437"},{"reference_url":"https://github.com/advisories/GHSA-h65f-jvqw-m9fj","reference_id":"GHSA-h65f-jvqw-m9fj","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h65f-jvqw-m9fj"},{"reference_url":"https://github.com/advisories/GHSA-xxx9-3xcr-gjj3","reference_id":"GHSA-xxx9-3xcr-gjj3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxx9-3xcr-gjj3"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3","reference_id":"GHSA-xxx9-3xcr-gjj3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19854?format=json","purl":"pkg:gem/nokogiri@1.13.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-49ww-fg7b-zugq"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-dbue-58uu-ybaz"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-g8h5-nbxj-y7fe"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.4"}],"aliases":["GHSA-xxx9-3xcr-gjj3","GMS-2022-788"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v47q-qyuj-gba7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359437?format=json","vulnerability_id":"VCID-vfgg-89r3-aueu","summary":"Nokogiri patches vendored libxml2 to resolve multiple CVEs\n## Summary\n\nNokogiri v1.18.9 patches the vendored libxml2 to address\nCVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795,\nand CVE-2025-49796.\n\n## Impact and severity\n\n### CVE-2025-6021\n\nA flaw was found in libxml2's xmlBuildQName function, where integer\noverflows in buffer size calculations can lead to a stack-based\nbuffer overflow. This issue can result in memory corruption or a\ndenial of service when processing crafted input.\n\nNVD claims a severity of 7.5 High\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae\n\n### CVE-2025-6170\n\nA flaw was found in the interactive shell of the xmllint command-line\ntool, used for parsing XML files. When a user inputs an overly long\ncommand, the program does not check the input size properly, which\ncan cause it to crash. This issue might allow attackers to run\nharmful code in rare configurations without modern protections.\n\nNVD claims a severity of 2.5 Low\n(CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/5e9ec5c1\n\n### CVE-2025-49794\n\nA use-after-free vulnerability was found in libxml2. This issue\noccurs when parsing XPath elements under certain circumstances when\nthe XML schematron has the <sch:name path=\"...\"/> schema elements.\nThis flaw allows a malicious actor to craft a malicious XML document\nused as input for libxml, resulting in the program's crash using\nlibxml or other possible undefined behaviors.\n\nNVD claims a severity of 9.1 Critical\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5\n\n### CVE-2025-49795\n\nA NULL pointer dereference vulnerability was found in libxml2 when\nprocessing XPath XML expressions. This flaw allows an attacker to\ncraft a malicious XML input to libxml2, leading to a denial of service.\n\nNVD claims a severity of 7.5 High\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/62048278\n\n### CVE-2025-49796\n\nA vulnerability was found in libxml2. Processing certain sch:name\nelements from the input XML file can trigger a memory corruption\nissue. This flaw allows an attacker to craft a malicious XML input\nfile that can lead libxml to crash, resulting in a denial of service\nor other possible undefined behavior due to sensitive data being\ncorrupted in memory.\n\nNVD claims a severity of 9.1 Critical\n(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)\n\nFixed by applying https://gitlab.gnome.org/GNOME/libxml2/-/commit/81cef8c5\n\n## Affected Versions\n\n- Nokogiri < 1.18.9 when using CRuby (MRI) with vendored libxml2\n\n## Patched Versions\n\n- Nokogiri >= 1.18.9\n\n## Mitigation\n\nUpgrade to Nokogiri v1.18.9 or later.\n\nUsers who are unable to upgrade Nokogiri may also choose a more\ncomplicated mitigation: compile and link Nokogiri against patched\nexternal libxml2 libraries which will also address these same issues.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/pull/3526","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/pull/3526"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49794","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49794"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49795","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49795"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49796","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49796"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6021","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6021"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6170","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6170"},{"reference_url":"https://github.com/advisories/GHSA-353f-x4gh-cqq8","reference_id":"GHSA-353f-x4gh-cqq8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-353f-x4gh-cqq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378377?format=json","purl":"pkg:gem/nokogiri@1.18.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-w48v-grqb-u3gz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.9"}],"aliases":["GHSA-353f-x4gh-cqq8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfgg-89r3-aueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359432?format=json","vulnerability_id":"VCID-w48v-grqb-u3gz","summary":"Nokogiri CSS selector tokenizer has regular expression backtracking\n## Summary\n\nNokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release:\n\n1. String-literal tokenization on certain unterminated quoted-string input.\n2. String-literal tokenization on a separate class of hex-escape-rich input.\n3. Identifier tokenization on hex-escape-rich input.\n\nThe public CSS selector methods that funnel through the affected tokenizer are `Nokogiri::CSS.xpath_for`, `Node#css`, `Node#at_css`, `Searchable#search`, and `CSS::Parser#parse`.\n\n\n## Mitigation\n\nUpgrade to Nokogiri `>= 1.19.3`.\n\nIf users are unable to upgrade, two options are available:\n\n- Avoid the use of attacker-controlled text in CSS selectors. Applications that only pass developer-authored selectors to Nokogiri are not directly exposed.\n- Set global `Regexp.timeout` (Ruby 3.2+, JRuby 9.4+) to bound parse time.\n\n## Severity\n\nThe Nokogiri maintainers have evaluated this as **High Severity** (CVSS 7.5, `AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`).\n\nAn attacker able to inject user-supplied text into a CSS selector parse method can cause exponential backtracking, resulting in a potential denial of service.\n\n\n## Resources\n\n- [CWE-1333: Inefficient Regular Expression Complexity](https://cwe.mitre.org/data/definitions/1333.html)\n\n\n## Credit\n\nVector 1 was responsibly reported by @colby-swandale. Vectors 2 and 3 were discovered by @flavorjones during the response to the original report.","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-c4rq-3m3g-8wgx"},{"reference_url":"https://github.com/advisories/GHSA-c4rq-3m3g-8wgx","reference_id":"GHSA-c4rq-3m3g-8wgx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4rq-3m3g-8wgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375402?format=json","purl":"pkg:gem/nokogiri@1.19.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.19.3"}],"aliases":["GHSA-c4rq-3m3g-8wgx"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w48v-grqb-u3gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211765?format=json","vulnerability_id":"VCID-w7rs-2k33-huft","summary":"Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.16.5"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac53"},{"reference_url":"https://github.com/advisories/GHSA-r95h-9x8f-r3f7","reference_id":"GHSA-r95h-9x8f-r3f7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r95h-9x8f-r3f7"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7","reference_id":"GHSA-r95h-9x8f-r3f7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml","reference_id":"GHSA-r95h-9x8f-r3f7.yml","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31006?format=json","purl":"pkg:gem/nokogiri@1.16.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.5"}],"aliases":["GHSA-r95h-9x8f-r3f7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7rs-2k33-huft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360585?format=json","vulnerability_id":"VCID-xsrn-bd5u-2ufz","summary":"Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-vvfq-8hwr-qm4m. This link is maintained to preserve external references.\n\n# Original Description\n\n## Summary\n\nNokogiri v1.18.3 upgrades its dependency libxml2 to\n[v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6).\n\nlibxml2 v2.13.6 addresses:\n\n- CVE-2025-24928\n  - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847\n- CVE-2024-56171\n   - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828\n\n## Impact\n\n### CVE-2025-24928\n\nStack-buffer overflow is possible when reporting DTD validation\nerrors if the input contains a long (~3kb) QName prefix.\n\n### CVE-2024-56171\n\nUse-after-free is possible during validation against untrusted\nXML Schemas (.xsd) and, potentially, validation of untrusted documents\nagainst trusted Schemas if they make use of `xsd:keyref` in combination\nwith recursively defined types that have additional identity constraints.","references":[{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m"},{"reference_url":"https://github.com/advisories/GHSA-5mwf-688x-mr7x","reference_id":"GHSA-5mwf-688x-mr7x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5mwf-688x-mr7x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377245?format=json","purl":"pkg:gem/nokogiri@1.18.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.18.3"}],"aliases":["GHSA-5mwf-688x-mr7x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsrn-bd5u-2ufz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208286?format=json","vulnerability_id":"VCID-yr3x-bvad-mfcc","summary":"Vulnerable dependencies in Nokogiri","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/advisories/GHSA-fq42-c5rg-92c2","reference_id":"GHSA-fq42-c5rg-92c2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fq42-c5rg-92c2"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2","reference_id":"GHSA-fq42-c5rg-92c2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19515?format=json","purl":"pkg:gem/nokogiri@1.13.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-49ww-fg7b-zugq"},{"vulnerability":"VCID-8ftz-ajmp-jba8"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-dbue-58uu-ybaz"},{"vulnerability":"VCID-df5z-dpbb-r7cv"},{"vulnerability":"VCID-g8h5-nbxj-y7fe"},{"vulnerability":"VCID-gbwe-1wq8-83bf"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-m3bc-ah2t-p3b4"},{"vulnerability":"VCID-nscm-fqz2-fbge"},{"vulnerability":"VCID-pqm3-2t49-rqat"},{"vulnerability":"VCID-s2mc-whzr-sbb8"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-v47q-qyuj-gba7"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-w7rs-2k33-huft"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"},{"vulnerability":"VCID-z2bq-warv-47c1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.13.2"}],"aliases":["GHSA-fq42-c5rg-92c2","GMS-2022-163"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yr3x-bvad-mfcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211769?format=json","vulnerability_id":"VCID-z2bq-warv-47c1","summary":"Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459","references":[{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/advisories/GHSA-r3w4-36x6-7r99","reference_id":"GHSA-r3w4-36x6-7r99","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r3w4-36x6-7r99"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7","reference_id":"GHSA-r95h-9x8f-r3f7","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-r95h-9x8f-r3f7"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml","reference_id":"GHSA-r95h-9x8f-r3f7.yml","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-r95h-9x8f-r3f7.yml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31006?format=json","purl":"pkg:gem/nokogiri@1.16.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14st-5sfb-jfhk"},{"vulnerability":"VCID-bfux-puuz-p3fb"},{"vulnerability":"VCID-m2bp-rxcw-myg9"},{"vulnerability":"VCID-tntw-mt23-k7gh"},{"vulnerability":"VCID-umph-eaje-7khu"},{"vulnerability":"VCID-vfgg-89r3-aueu"},{"vulnerability":"VCID-w48v-grqb-u3gz"},{"vulnerability":"VCID-xsrn-bd5u-2ufz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.16.5"}],"aliases":["GHSA-r3w4-36x6-7r99"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2bq-warv-47c1"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/nokogiri@1.11.7"}