{"url":"http://public2.vulnerablecode.io/api/packages/571880?format=json","purl":"pkg:deb/debian/xml-security-c@1.4.0-3%2Blenny3","type":"deb","namespace":"debian","name":"xml-security-c","version":"1.4.0-3+lenny3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.7.3-4+deb9u3","latest_non_vulnerable_version":"1.7.3-4+deb9u3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54862?format=json","vulnerability_id":"VCID-5vfa-7ndh-ubg5","summary":"several","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2154","reference_id":"","reference_type":"","scores":[{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82076","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82097","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82093","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.8212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82127","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82146","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82137","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82129","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82166","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.8217","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82192","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82206","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01673","scoring_system":"epss","scoring_elements":"0.82222","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2156","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571882?format=json","purl":"pkg:deb/debian/xml-security-c@1.6.1-5%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vfa-7ndh-ubg5"},{"vulnerability":"VCID-f468-uhj2-2bdv"},{"vulnerability":"VCID-jf41-fevz-rbcc"},{"vulnerability":"VCID-x1wh-fjsq-4yak"},{"vulnerability":"VCID-x9wc-g2hh-w7dc"},{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.6.1-5%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037543?format=json","purl":"pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%252B1"}],"aliases":["CVE-2013-2154"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vfa-7ndh-ubg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92174?format=json","vulnerability_id":"VCID-9tws-us7w-yfhq","summary":"Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2516","reference_id":"","reference_type":"","scores":[{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91634","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91642","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91648","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91656","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91669","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91675","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91679","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91681","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91678","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91699","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91691","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91697","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91695","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91693","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07303","scoring_system":"epss","scoring_elements":"0.91705","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2516"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632973","reference_id":"632973","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632973"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571882?format=json","purl":"pkg:deb/debian/xml-security-c@1.6.1-5%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vfa-7ndh-ubg5"},{"vulnerability":"VCID-f468-uhj2-2bdv"},{"vulnerability":"VCID-jf41-fevz-rbcc"},{"vulnerability":"VCID-x1wh-fjsq-4yak"},{"vulnerability":"VCID-x9wc-g2hh-w7dc"},{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.6.1-5%252Bdeb7u2"}],"aliases":["CVE-2011-2516"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tws-us7w-yfhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54905?format=json","vulnerability_id":"VCID-f468-uhj2-2bdv","summary":"heap overflow","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2210","reference_id":"","reference_type":"","scores":[{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81436","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81446","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81467","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81465","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81493","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81498","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81519","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81506","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81499","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81536","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81537","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81538","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.8156","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81569","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81574","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01564","scoring_system":"epss","scoring_elements":"0.81591","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2210"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714241","reference_id":"714241","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714241"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571882?format=json","purl":"pkg:deb/debian/xml-security-c@1.6.1-5%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vfa-7ndh-ubg5"},{"vulnerability":"VCID-f468-uhj2-2bdv"},{"vulnerability":"VCID-jf41-fevz-rbcc"},{"vulnerability":"VCID-x1wh-fjsq-4yak"},{"vulnerability":"VCID-x9wc-g2hh-w7dc"},{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.6.1-5%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037543?format=json","purl":"pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%252B1"}],"aliases":["CVE-2013-2210"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f468-uhj2-2bdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54863?format=json","vulnerability_id":"VCID-jf41-fevz-rbcc","summary":"several","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2155","reference_id":"","reference_type":"","scores":[{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81442","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81453","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81474","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81471","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81499","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81505","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81525","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81512","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81542","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81543","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81545","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81567","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81576","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81581","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01566","scoring_system":"epss","scoring_elements":"0.81599","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2156","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571882?format=json","purl":"pkg:deb/debian/xml-security-c@1.6.1-5%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vfa-7ndh-ubg5"},{"vulnerability":"VCID-f468-uhj2-2bdv"},{"vulnerability":"VCID-jf41-fevz-rbcc"},{"vulnerability":"VCID-x1wh-fjsq-4yak"},{"vulnerability":"VCID-x9wc-g2hh-w7dc"},{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.6.1-5%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037543?format=json","purl":"pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%252B1"}],"aliases":["CVE-2013-2155"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jf41-fevz-rbcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54861?format=json","vulnerability_id":"VCID-x1wh-fjsq-4yak","summary":"several","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2153","reference_id":"","reference_type":"","scores":[{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74571","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74575","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74602","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74577","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74609","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74623","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74646","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74626","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74618","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74655","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74662","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74654","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74689","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74695","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74698","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00835","scoring_system":"epss","scoring_elements":"0.74702","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2156","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571882?format=json","purl":"pkg:deb/debian/xml-security-c@1.6.1-5%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vfa-7ndh-ubg5"},{"vulnerability":"VCID-f468-uhj2-2bdv"},{"vulnerability":"VCID-jf41-fevz-rbcc"},{"vulnerability":"VCID-x1wh-fjsq-4yak"},{"vulnerability":"VCID-x9wc-g2hh-w7dc"},{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.6.1-5%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037543?format=json","purl":"pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%252B1"}],"aliases":["CVE-2013-2153"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1wh-fjsq-4yak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54864?format=json","vulnerability_id":"VCID-x9wc-g2hh-w7dc","summary":"several","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2156","reference_id":"","reference_type":"","scores":[{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.86958","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.86969","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.86988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.8698","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87008","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87021","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87016","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.8701","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87026","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87029","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87027","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87046","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87052","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87054","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03204","scoring_system":"epss","scoring_elements":"0.87073","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2156","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571882?format=json","purl":"pkg:deb/debian/xml-security-c@1.6.1-5%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vfa-7ndh-ubg5"},{"vulnerability":"VCID-f468-uhj2-2bdv"},{"vulnerability":"VCID-jf41-fevz-rbcc"},{"vulnerability":"VCID-x1wh-fjsq-4yak"},{"vulnerability":"VCID-x9wc-g2hh-w7dc"},{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.6.1-5%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1037543?format=json","purl":"pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%252B1"}],"aliases":["CVE-2013-2156"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9wc-g2hh-w7dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80115?format=json","vulnerability_id":"VCID-yab9-4unt-nfbj","summary":"security update","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037547?format=json","purl":"pkg:deb/debian/xml-security-c@1.7.3-4%2Bdeb9u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.7.3-4%252Bdeb9u3"}],"aliases":["DSA-4265-1 xml-security-c"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yab9-4unt-nfbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6667?format=json","vulnerability_id":"VCID-z7ht-bq8z-3qgd","summary":"XML signature HMAC truncation authentication bypass\nThis package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0217","reference_id":"","reference_type":"","scores":[{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83541","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83529","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.8359","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83581","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83557","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84512","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84491","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84569","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84495","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84553","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.8455","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84541","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84514","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=511915","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217"},{"reference_url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"},{"reference_url":"https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"},{"reference_url":"https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"},{"reference_url":"https://marc.info/?l=bugtraq&m=125787273209737&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0217","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0217"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2009-1428.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2009-1428.html"},{"reference_url":"https://svn.apache.org/viewvc?revision=794013&view=revision","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?revision=794013&view=revision"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=794013","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=794013"},{"reference_url":"https://www.debian.org/security/2010/dsa-1995","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2010/dsa-1995"},{"reference_url":"https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"},{"reference_url":"https://www.kb.cert.org/vuls/id/466161","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/466161"},{"reference_url":"https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"},{"reference_url":"https://www.kb.cert.org/vuls/id/WDON-7TY529","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/WDON-7TY529"},{"reference_url":"https://www.mandriva.com/security/advisories?name=MDVSA-2009:209","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mandriva.com/security/advisories?name=MDVSA-2009:209"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"},{"reference_url":"https://www.redhat.com/support/errata/RHSA-2009-1694.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/support/errata/RHSA-2009-1694.html"},{"reference_url":"https://www.ubuntu.com/usn/USN-903-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ubuntu.com/usn/USN-903-1"},{"reference_url":"https://www.us-cert.gov/cas/techalerts/TA09-294A.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.us-cert.gov/cas/techalerts/TA09-294A.html"},{"reference_url":"https://www.w3.org/2008/06/xmldsigcore-errata.html#e03","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.w3.org/2008/06/xmldsigcore-errata.html#e03"},{"reference_url":"https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html"},{"reference_url":"https://bugzilla.redhat.com/CVE-2009-0217","reference_id":"CVE-2009-0217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2009-0217"},{"reference_url":"https://github.com/advisories/GHSA-8hfm-837h-hjg5","reference_id":"GHSA-8hfm-837h-hjg5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8hfm-837h-hjg5"},{"reference_url":"https://security.gentoo.org/glsa/201206-13","reference_id":"GLSA-201206-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-13"},{"reference_url":"https://security.gentoo.org/glsa/201408-19","reference_id":"GLSA-201408-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1200","reference_id":"RHSA-2009:1200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1201","reference_id":"RHSA-2009:1201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1428","reference_id":"RHSA-2009:1428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1636","reference_id":"RHSA-2009:1636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1637","reference_id":"RHSA-2009:1637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1649","reference_id":"RHSA-2009:1649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1650","reference_id":"RHSA-2009:1650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1650"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0043","reference_id":"RHSA-2010:0043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0043"},{"reference_url":"https://usn.ubuntu.com/814-1/","reference_id":"USN-814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/814-1/"},{"reference_url":"https://usn.ubuntu.com/826-1/","reference_id":"USN-826-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/826-1/"},{"reference_url":"https://usn.ubuntu.com/903-1/","reference_id":"USN-903-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/903-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571881?format=json","purl":"pkg:deb/debian/xml-security-c@1.5.1-3%2Bsqueeze3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5vfa-7ndh-ubg5"},{"vulnerability":"VCID-9tws-us7w-yfhq"},{"vulnerability":"VCID-f468-uhj2-2bdv"},{"vulnerability":"VCID-jf41-fevz-rbcc"},{"vulnerability":"VCID-x1wh-fjsq-4yak"},{"vulnerability":"VCID-x9wc-g2hh-w7dc"},{"vulnerability":"VCID-yab9-4unt-nfbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.5.1-3%252Bsqueeze3"}],"aliases":["CVE-2009-0217","GHSA-8hfm-837h-hjg5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7ht-bq8z-3qgd"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xml-security-c@1.4.0-3%252Blenny3"}