{"url":"http://public2.vulnerablecode.io/api/packages/929230?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie","type":"deb","namespace":"debian","name":"libxml2","version":"2.9.10+dfsg-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.9.10+dfsg-2.1","latest_non_vulnerable_version":"2.15.2+dfsg-0.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8546?format=json","vulnerability_id":"VCID-azzy-m5pc-qudn","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nparser.c in libxml2 does not prevent infinite recursion in parameter entities.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16932","reference_id":"","reference_type":"","scores":[{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95784","published_at":"2026-04-16T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95774","published_at":"2026-04-13T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95772","published_at":"2026-04-12T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95773","published_at":"2026-04-11T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95769","published_at":"2026-04-09T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95766","published_at":"2026-04-08T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95757","published_at":"2026-04-07T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95755","published_at":"2026-04-04T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95747","published_at":"2026-04-02T12:55:00Z"},{"value":"0.21989","scoring_system":"epss","scoring_elements":"0.95738","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16932"},{"reference_url":"https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=759579","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=759579"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1714","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1714"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/3739-1/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"https://usn.ubuntu.com/3739-1/"},{"reference_url":"https://usn.ubuntu.com/usn/usn-3504-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/usn/usn-3504-1/"},{"reference_url":"http://xmlsoft.org/news.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/"}],"url":"http://xmlsoft.org/news.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517316","reference_id":"1517316","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517316"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613","reference_id":"882613","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16932","reference_id":"CVE-2017-16932","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16932"},{"reference_url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html","reference_id":"CVE-2017-16932.HTML","reference_type":"","scores":[],"url":"https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html"},{"reference_url":"https://github.com/advisories/GHSA-x2fm-93ww-ggvx","reference_id":"GHSA-x2fm-93ww-ggvx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2fm-93ww-ggvx"},{"reference_url":"https://usn.ubuntu.com/3504-1/","reference_id":"USN-3504-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3504-1/"},{"reference_url":"https://usn.ubuntu.com/3504-2/","reference_id":"USN-3504-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3504-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929230?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2017-16932","GHSA-x2fm-93ww-ggvx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azzy-m5pc-qudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9630?format=json","vulnerability_id":"VCID-bejh-22y7-kuh6","summary":"NULL Pointer Dereference\nA NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1543","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1543"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14404","reference_id":"","reference_type":"","scores":[{"value":"0.18492","scoring_system":"epss","scoring_elements":"0.95206","published_at":"2026-04-01T12:55:00Z"},{"value":"0.18492","scoring_system":"epss","scoring_elements":"0.95218","published_at":"2026-04-02T12:55:00Z"},{"value":"0.18492","scoring_system":"epss","scoring_elements":"0.9522","published_at":"2026-04-04T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95464","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95478","published_at":"2026-04-16T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95469","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95468","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95461","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20012","scoring_system":"epss","scoring_elements":"0.95454","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14404"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595985","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1595985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1785","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1785"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/issues/10","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/issues/10"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190719-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0002/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190719-0002/"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/3739-1/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://usn.ubuntu.com/3739-1/"},{"reference_url":"https://usn.ubuntu.com/3739-2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14404","reference_id":"CVE-2018-14404","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14404"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml","reference_id":"CVE-2018-14404.YML","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml"},{"reference_url":"https://github.com/advisories/GHSA-6qvp-r6r3-9p7h","reference_id":"GHSA-6qvp-r6r3-9p7h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6qvp-r6r3-9p7h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1827","reference_id":"RHSA-2020:1827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1827"},{"reference_url":"https://usn.ubuntu.com/3739-2/","reference_id":"USN-3739-2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/"}],"url":"https://usn.ubuntu.com/3739-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929230?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2018-14404","GHSA-6qvp-r6r3-9p7h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bejh-22y7-kuh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7551?format=json","vulnerability_id":"VCID-qtp3-a1g7-8kgw","summary":"Improper Restriction of XML External Entity Reference\nlibxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9318","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31055","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31068","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31023","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32722","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32769","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32901","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32735","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32866","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3896","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38972","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9318"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395609","reference_id":"1395609","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395609"},{"reference_url":"https://github.com/lsh123/xmlsec/issues/43","reference_id":"43","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/"}],"url":"https://github.com/lsh123/xmlsec/issues/43"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581","reference_id":"844581","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581"},{"reference_url":"http://www.securityfocus.com/bid/94347","reference_id":"94347","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/"}],"url":"http://www.securityfocus.com/bid/94347"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9318","reference_id":"CVE-2016-9318","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9318"},{"reference_url":"https://bugzilla.gnome.org/show_bug.cgi?id=772726","reference_id":"show_bug.cgi?id=772726","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/"}],"url":"https://bugzilla.gnome.org/show_bug.cgi?id=772726"},{"reference_url":"https://usn.ubuntu.com/3739-2/","reference_id":"USN-3739-2","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/"}],"url":"https://usn.ubuntu.com/3739-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929230?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2016-9318"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtp3-a1g7-8kgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9765?format=json","vulnerability_id":"VCID-t53m-6vvr-27cf","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nlibxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14567","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71451","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71459","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71476","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71449","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71489","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71501","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71524","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.7149","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71536","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1619875","reference_id":"1619875","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1619875"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14567","reference_id":"CVE-2018-14567","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929230?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2018-14567"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t53m-6vvr-27cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81686?format=json","vulnerability_id":"VCID-ugyh-dycm-3bc3","summary":"libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19956","reference_id":"","reference_type":"","scores":[{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36116","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3601","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36204","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36231","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36066","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36115","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36133","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.3614","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36102","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00154","scoring_system":"epss","scoring_elements":"0.36075","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788856","reference_id":"1788856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788856"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549","reference_id":"5a02583c7e683896d84878bd90641d8d9b0d0549","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","reference_id":"5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19956","reference_id":"CVE-2019-19956","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19956"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","reference_id":"JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html","reference_id":"msg00032.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200114-0002/","reference_id":"ntap-20200114-0002","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200114-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3996","reference_id":"RHSA-2020:3996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4479","reference_id":"RHSA-2020:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929230?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2019-19956"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugyh-dycm-3bc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8947?format=json","vulnerability_id":"VCID-wc4g-sxyq-ubcd","summary":"Allocation of Resources Without Limits or Throttling\nThe xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18258","reference_id":"","reference_type":"","scores":[{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73914","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73872","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73824","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.7388","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73898","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73863","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.73833","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18258"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10284"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0001","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190719-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190719-0001/"},{"reference_url":"https://usn.ubuntu.com/3739-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3739-1"},{"reference_url":"https://usn.ubuntu.com/3739-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3739-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566749","reference_id":"1566749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1566749"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245","reference_id":"895245","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245"},{"reference_url":"https://security.archlinux.org/AVG-671","reference_id":"AVG-671","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-671"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18258","reference_id":"CVE-2017-18258","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-18258"},{"reference_url":"https://github.com/advisories/GHSA-882p-jqgm-f45g","reference_id":"GHSA-882p-jqgm-f45g","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-882p-jqgm-f45g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1190","reference_id":"RHSA-2020:1190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/929230?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929198?format=json","purl":"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929196?format=json","purl":"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929200?format=json","purl":"pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-62bb-e8vk-7uh4"},{"vulnerability":"VCID-d1ar-1945-sygd"},{"vulnerability":"VCID-knx8-5fpz-zbgn"},{"vulnerability":"VCID-nj3a-zqw9-6bga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929199?format=json","purl":"pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie"}],"aliases":["CVE-2017-18258","GHSA-882p-jqgm-f45g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4g-sxyq-ubcd"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-2%3Fdistro=trixie"}