{"url":"http://public2.vulnerablecode.io/api/packages/929206?format=json","purl":"pkg:deb/debian/libxml2@0?distro=trixie","type":"deb","namespace":"debian","name":"libxml2","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.6.6-1","latest_non_vulnerable_version":"2.15.2+dfsg-0.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9692?format=json","vulnerability_id":"VCID-4gyr-nwyy-qfeq","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nIt was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9597.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9597.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9597","reference_id":"","reference_type":"","scores":[{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78656","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78496","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78529","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78536","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78551","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78566","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.7859","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78606","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78603","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78619","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.79289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.79361","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.79296","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.7932","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.79306","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.79331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.79341","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.79365","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.79349","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.79339","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01251","scoring_system":"epss","scoring_elements":"0.79366","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9597"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/98567","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98567"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1408305","reference_id":"1408305","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1408305"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9597","reference_id":"CVE-2016-9597","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9597"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929206?format=json","purl":"pkg:deb/debian/libxml2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2016-9597"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gyr-nwyy-qfeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8928?format=json","vulnerability_id":"VCID-8pzj-mq5r-rqcq","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nThe xz_decomp function in xzlib.c in libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9251.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9251.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9251","reference_id":"","reference_type":"","scores":[{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.735","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73723","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73681","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73643","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73665","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73509","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73531","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73503","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73539","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73553","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73576","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73559","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73551","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73595","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73604","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73597","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.7363","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73639","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73638","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73633","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00772","scoring_system":"epss","scoring_elements":"0.73658","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-9251"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=794914","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=794914"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1565318","reference_id":"1565318","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1565318"},{"reference_url":"https://security.archlinux.org/ASA-201810-3","reference_id":"ASA-201810-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201810-3"},{"reference_url":"https://security.archlinux.org/ASA-201810-4","reference_id":"ASA-201810-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201810-4"},{"reference_url":"https://security.archlinux.org/AVG-672","reference_id":"AVG-672","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-672"},{"reference_url":"https://security.archlinux.org/AVG-673","reference_id":"AVG-673","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-673"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-9251","reference_id":"CVE-2018-9251","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-9251"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1827","reference_id":"RHSA-2020:1827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1827"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929206?format=json","purl":"pkg:deb/debian/libxml2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2018-9251"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8pzj-mq5r-rqcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6819?format=json","vulnerability_id":"VCID-a28u-yu15-3qa6","summary":"Use After Free\nMultiple use-after-free vulnerabilities in libxml2 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00109.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00109.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00081.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00081.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1969.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1969","reference_id":"","reference_type":"","scores":[{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76588","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76355","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76358","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76388","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.7637","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76402","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76442","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.7642","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76415","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76456","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.7646","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76445","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76486","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76498","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76485","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76514","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76532","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.7652","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00954","scoring_system":"epss","scoring_elements":"0.76537","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1969"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=690202","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=690202"},{"reference_url":"http://secunia.com/advisories/53061","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/53061"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f","reference_id":"","reference_type":"","scores":[],"url":"https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/04/17/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/04/17/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/04/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/04/19/1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1817-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1817-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=953722","reference_id":"953722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=953722"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:2.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1969","reference_id":"CVE-2013-1969","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1969"},{"reference_url":"https://security.gentoo.org/glsa/201311-06","reference_id":"GLSA-201311-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-06"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://usn.ubuntu.com/1817-1/","reference_id":"USN-1817-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1817-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929206?format=json","purl":"pkg:deb/debian/libxml2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2013-1969"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a28u-yu15-3qa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9767?format=json","vulnerability_id":"VCID-b828-btkm-tufv","summary":"Uncontrolled Resource Consumption\nlibxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9596.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9596.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9596","reference_id":"","reference_type":"","scores":[{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.716","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71349","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71375","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.7139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71403","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71426","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71393","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71439","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71445","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71476","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71483","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71487","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71475","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71511","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71548","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71513","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71543","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9596"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1408302","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1408302"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9596","reference_id":"CVE-2016-9596","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9596"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929206?format=json","purl":"pkg:deb/debian/libxml2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2016-9596"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b828-btkm-tufv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72598?format=json","vulnerability_id":"VCID-bmv8-f7rb-43dc","summary":"libxml2: XXE vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40896.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40896.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40896","reference_id":"","reference_type":"","scores":[{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68247","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68115","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.6816","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68197","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68164","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.6819","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68012","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68009","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.6806","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68075","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68099","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68085","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68051","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68088","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.681","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68083","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68125","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68134","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00553","scoring_system":"epss","scoring_elements":"0.68141","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40896"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6","reference_id":"1a8932303969907f6572b1b6aac4081c56adb5c6","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-24T02:10:22Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2333871","reference_id":"2333871","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2333871"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/761","reference_id":"761","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-24T02:10:22Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/761"},{"reference_url":"https://usn.ubuntu.com/7215-1/","reference_id":"USN-7215-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7215-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929206?format=json","purl":"pkg:deb/debian/libxml2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2024-40896"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bmv8-f7rb-43dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68081?format=json","vulnerability_id":"VCID-drf1-ktzv-a3dk","summary":"libxml2: Libxml2 out of bounds read","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26434.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26434.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26434","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00391","published_at":"2026-04-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00369","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00392","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00389","published_at":"2026-04-29T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00395","published_at":"2026-05-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00387","published_at":"2026-05-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0038","published_at":"2026-04-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00377","published_at":"2026-04-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00375","published_at":"2026-04-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00371","published_at":"2026-04-12T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00365","published_at":"2026-04-16T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00393","published_at":"2026-04-26T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00474","published_at":"2026-05-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00476","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26434"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393475","reference_id":"2393475","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2393475"},{"reference_url":"https://source.android.com/security/bulletin/android-16","reference_id":"android-16","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-05T16:44:27Z/"}],"url":"https://source.android.com/security/bulletin/android-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7519","reference_id":"RHSA-2026:7519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929206?format=json","purl":"pkg:deb/debian/libxml2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-26434"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-drf1-ktzv-a3dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69451?format=json","vulnerability_id":"VCID-eqva-5dwq-d7cw","summary":"libxml: Null pointer dereference leads to Denial of service (DoS)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49795.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49795","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35994","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36079","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36024","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36109","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35945","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36017","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68122","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68089","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68511","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74727","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74708","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74741","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74716","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74639","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74674","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.7468","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74686","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74682","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00834","scoring_system":"epss","scoring_elements":"0.74781","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49795"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372379","reference_id":"2372379","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:30:23Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372379"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/932","reference_id":"932","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:30:23Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/932"},{"reference_url":"https://security.archlinux.org/AVG-2898","reference_id":"AVG-2898","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2898"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1","reference_id":"cpe:/a:redhat:jboss_core_services:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-49795","reference_id":"CVE-2025-49795","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:30:23Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-49795"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10630","reference_id":"RHSA-2025:10630","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:30:23Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:10630"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19020","reference_id":"RHSA-2025:19020","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:30:23Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7519","reference_id":"RHSA-2026:7519","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:30:23Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929206?format=json","purl":"pkg:deb/debian/libxml2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2025-49795"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eqva-5dwq-d7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9766?format=json","vulnerability_id":"VCID-gc1r-nauj-1fge","summary":"Out-of-bounds Read\nlibxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2486","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2486"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9598.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9598.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9598","reference_id":"","reference_type":"","scores":[{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71349","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71375","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.7139","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71403","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71426","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71393","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71439","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71445","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71425","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71476","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71483","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71487","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71475","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71511","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71548","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71513","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.71543","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00673","scoring_system":"epss","scoring_elements":"0.716","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9598"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1408306","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1408306"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9598","reference_id":"CVE-2016-9598","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9598"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929206?format=json","purl":"pkg:deb/debian/libxml2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2016-9598"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gc1r-nauj-1fge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50173?format=json","vulnerability_id":"VCID-rbdy-dm61-jkdw","summary":"Multiple vulnerabilities in libxml2 might lead to execution of arbitrary\n    code or Denial of Service.","references":[{"reference_url":"http://bugzilla.gnome.org/show_bug.cgi?id=554660","reference_id":"","reference_type":"","scores":[],"url":"http://bugzilla.gnome.org/show_bug.cgi?id=554660"},{"reference_url":"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"},{"reference_url":"http://openwall.com/lists/oss-security/2008/10/02/4","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2008/10/02/4"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4409.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4409.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4409","reference_id":"","reference_type":"","scores":[{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93612","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93494","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93503","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.9351","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93518","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93521","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93527","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93526","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93546","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93551","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93559","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93564","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93562","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93561","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93568","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93582","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.93593","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11297","scoring_system":"epss","scoring_elements":"0.936","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4409"},{"reference_url":"http://secunia.com/advisories/32130","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32130"},{"reference_url":"http://secunia.com/advisories/32175","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32175"},{"reference_url":"http://secunia.com/advisories/32974","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/32974"},{"reference_url":"http://secunia.com/advisories/35379","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/35379"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200812-06.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200812-06.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45633","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45633"},{"reference_url":"http://support.apple.com/kb/HT3613","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT3613"},{"reference_url":"http://support.apple.com/kb/HT3639","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT3639"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00125.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00125.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00130.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00130.html"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:212","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:212"},{"reference_url":"http://www.securityfocus.com/bid/31555","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/31555"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1522","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/1522"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1621","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/1621"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=465756","reference_id":"465756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=465756"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-4409","reference_id":"CVE-2008-4409","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-4409"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/32454.xml","reference_id":"CVE-2008-4409;OSVDB-48754","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/32454.xml"},{"reference_url":"https://www.securityfocus.com/bid/31555/info","reference_id":"CVE-2008-4409;OSVDB-48754","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/31555/info"},{"reference_url":"https://security.gentoo.org/glsa/200812-06","reference_id":"GLSA-200812-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-06"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929206?format=json","purl":"pkg:deb/debian/libxml2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2008-4409"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbdy-dm61-jkdw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@0%3Fdistro=trixie"}