{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","type":"deb","namespace":"debian","name":"ruby-nokogiri","version":"1.13.10+dfsg-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.18.2+dfsg-1","latest_non_vulnerable_version":"1.19.1+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31756?format=json","vulnerability_id":"VCID-64c1-dzhs-u3gj","summary":"Nokogiri has a vulnerability allowing arbitrary execution of code\n    if a certain function is used.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5477","reference_id":"","reference_type":"","scores":[{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90758","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90832","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.9082","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90802","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90784","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90789","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90777","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90782","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90763","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90765","p
ublished_at":"2026-04-12T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90714","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90751","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.9072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.9073","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90741","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06079","scoring_system":"epss","scoring_elements":"0.90766","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-5477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5477"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-5477.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"va
lue":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rexical/CVE-2019-5477.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/5d30128343573a9428c86efc758ba2c66e9f12dc"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1915","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1915"},{"reference_url":"https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc"},{"reference_url":"https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_
elements":""},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926"},{"reference_url":"https://hackerone.com/reports/650835","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/650835"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5477","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_
elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5477"},{"reference_url":"https://usn.ubuntu.com/4175-1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4175-1"},{"reference_url":"https://usn.ubuntu.com/4175-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4175-1/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802","reference_id":"934802","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934802"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905","reference_id":"940905","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905"},{"reference_url":"https://github.com/advisories/GHSA-cr5j-953j-xw5p","reference_id":"GHSA-cr5j-953j-xw5p","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr5j-953j-xw5p"},{"reference_url":"https://security.gentoo.org/glsa/202006-05","reference_id":"GLSA-202006-05","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202006-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938277?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.10.4%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.10.4%
252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938273?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-snr1-kaug-43aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2019-5477","GHSA-cr5j-953j-xw5p"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64c1-dzhs-u3gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11286?format=json","vulnerability_id":"VCID-8geh-vfns-pfgs","summary":"Improper Restriction of XML External Entity Reference\nNokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4, on JRuby only, the SAX parser resolves external entities by default. 
Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parser, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to a fixed release of Nokogiri.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41098.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41098","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48372","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48285","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48348","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68489","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68441","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68463","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68449","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68411","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68444","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68456","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68413
","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.6843","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68362","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68501","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00564","scoring_system":"epss","scoring_elements":"0.68495","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68379","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68359","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68398","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41098"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-41098.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements
":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008914","reference_id":"2008914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008914"},{"reference_url":"https://security.archlinux.org/AVG-2424","reference_id":"AVG-2424","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2424"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41098","reference_id":"CVE-2021-41098","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41098"},{"reference_url":"https://github.com/advisories/GHSA-2rr5-8q37-2w7h","reference_id":"GHSA-2rr5-8q37-2w7h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rr5-8q37-2w7h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938276?format=json","purl":"pkg:deb/debian/ruby-nokogiri@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/r
uby-nokogiri@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938273?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-snr1-kaug-43aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2021-41098","GHSA-2rr5-8q37-2w7h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8geh-vfns-pfgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30055?format=json","vulnerability_id":"VCID-8zyc-vw5k-wqaw","summary":"sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow\n### Withdrawn Advisory\n\nThis advisory has been withdrawn because the affected code was never included in a release. 
This link has been maintained to preserve external references.\n\n### Original Description\n\nA vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6494","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07284","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07346","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07418","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07429","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07442","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07432","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07307","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07325","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2
1675","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21535","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2145","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21383","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21478","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21496","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21644","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6494"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_e
lements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/"}],"url":"https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/3508","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/"}],"url":"https://github.com/sparklemotion/nokogiri/issues/3508"},{"reference_url":"https://github.com/
sparklemotion/nokogiri/pull/3524","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/"}],"url":"https://github.com/sparklemotion/nokogiri/pull/3524"},{"reference_url":"https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{
"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/"}],"url":"https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6494","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6494"},{"reference_url":"https://vuldb.com/?ctiid.313611","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/"}],"url":"https://vuldb.com/?ctiid.313611"},{"reference_url":"https://vuldb.com/?id.313611","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_el
ements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/"}],"url":"https://vuldb.com/?id.313611"},{"reference_url":"https://vuldb.com/?submit.601006","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T15:08:50Z/"}],"url":"https://vuldb.com/?submit.601006"},{"reference_url":"https://github.com/advisories/GHSA-jc9r-qcgw-fxq9","reference_id":"GHSA-jc9r-qcgw-fxq9","reference_type":"","scores":[{"val
ue":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc9r-qcgw-fxq9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938276?format=json","purl":"pkg:deb/debian/ruby-nokogiri@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938273?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-snr1-kaug-43aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2025-6494","GHSA-jc9r-qcgw-fxq9"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zyc-vw5k-wqaw"},{"url":"http://public2.vulnerablecode.io/ap
i/vulnerabilities/13709?format=json","vulnerability_id":"VCID-9wgc-swf9-z7hq","summary":"Inefficient Regular Expression Complexity\nNokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24836","reference_id":"","reference_type":"","scores":[{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80139","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80124","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80102","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80088","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80015","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80018","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80035","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80006","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80072","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.79978","published_at":
"2026-04-07T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80067","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80038","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.80039","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0134","scoring_system":"epss","scoring_elements":"0.8001","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01377","scoring_system":"epss","scoring_elements":"0.80208","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01377","scoring_system":"epss","scoring_elements":"0.80287","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01377","scoring_system":"epss","scoring_elements":"0.80228","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24836"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24836"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2022/Dec/23"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/
I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-24836.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ?utm_medium=email&utm_source=footer"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_syste
m":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DHCOWMA5PQTIQIMDENA7R2Y5BDYAIYM/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC"},{"r
eference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUPLBUZVM4WPFSXBEP2JS3R6LMKRTLFC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMDCWRQXJQ3TFSETPCEFMQ6RR6ME5UA3/"},{"reference_url":"https://security.gentoo.org/glsa/202208-29","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-29"},{"reference_url":"https://support.apple.com/kb/HT213532","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT213532"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787","reference_id":"1009787","reference_type":"","scores"
:[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074346","reference_id":"2074346","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074346"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24836","reference_id":"CVE-2022-24836","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24836"},{"reference_url":"https://github.com/advisories/GHSA-crjr-9rc5-ghw8","reference_id":"GHSA-crjr-9rc5-ghw8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crjr-9rc5-ghw8"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8","reference_id":"GHSA-crjr-9rc5-ghw8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8506","reference_id":"RHSA-2022:8506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8506"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938273?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-snr1-kaug-43aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokog
iri@1.11.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938281?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938280?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.5%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.5%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-24836","GHSA-crjr-9rc5-ghw8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wgc-swf9-z7hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34871?format=json","vulnerability_id":"VCID-eru7-uy2t-d3ef","summary":
"A vulnerability has been discovered in Nokogiri, which can lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23476","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45324","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4538","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45303","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45263","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4528","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45199","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46084","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00232","scoring_system":"epss","scoring_elements":"0.46063","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47395","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47363","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47341","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47346","published_at":"2026-04-21T12:55:00Z"},{
"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47332","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47402","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47344","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23476"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-23476.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/"}],"url":"https://github.com/sparklemotion/nokogiri/commit/85410e38410f670cbbc8c5b00d07b843caee88ce"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:
N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/"}],"url":"https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:48:08Z/"}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23476","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23476"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2153279","reference_id":"2153279","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2153279"},{"reference_url":"https://github.com/advisories/GHSA-qv4q-mr5r-qprj","reference_id":"GHSA-qv4q-mr5r-qprj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qv4q-mr5r-qprj"},{"reference_url":"https://security.gentoo.org/glsa/202408-13","reference_id":"GLSA-202408-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-13"}],"fixed_packages":[{"url":"ht
tp://public2.vulnerablecode.io/api/packages/938276?format=json","purl":"pkg:deb/debian/ruby-nokogiri@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938273?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-snr1-kaug-43aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938279?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-23476","GHSA-qv4q-mr5r-qprj"],"risk_score":4.0,"exploita
bility":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eru7-uy2t-d3ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54838?format=json","vulnerability_id":"VCID-gxbt-wyyf-1yg8","summary":"Nokogiri vulnerable to DoS while parsing XML entities\nNokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6461.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6461.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2013-6461","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2013-6461"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6461","reference_id":"","reference_type":"","scores":[{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83963","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83941","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83812","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83979","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83784","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83837","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83797","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83813","published_at":"
2026-04-07T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83919","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83914","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83907","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83881","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83883","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83882","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83849","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83854","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.8386","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02046","scoring_system":"epss","scoring_elements":"0.83843","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6461"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90059","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90059"},{"reference_url":"https://github.com/ruby
sec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6461.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6461","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6461"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2013-6461","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2013-6461"},{"reference_url":"https://web.archive.org/web/20200804224345/https://www.securityfocus.com/bid/64513","reference_id":"","reference_type":""
,"scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200804224345/https://www.securityfocus.com/bid/64513"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/12/27/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/12/27/2"},{"reference_url":"http://www.securityfocus.com/bid/64513","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/64513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046664","reference_id":"1046664","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046664"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:
a:redhat:openstack:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
,"reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-jmhh-w7xp-wg39","reference_id":"GHSA-jmhh-w7xp-wg39","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jmhh-w7xp-wg39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938276?format=json","purl":"pkg:deb/debian/ruby-nokogiri@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938273?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-snr1-kaug-43aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nok
ogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-6461","GHSA-jmhh-w7xp-wg39","OSV-101458"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gxbt-wyyf-1yg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30122?format=json","vulnerability_id":"VCID-qj6u-xryx-s3ev","summary":"sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow\n### Withdrawn Advisory\n\nThis advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references.\n\n### Original Description\n\nA vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. 
The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6490","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07325","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07442","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07429","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07284","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07456","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07418","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07346","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07432","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07307","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21496","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21675","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2145","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21383","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21478","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","
scoring_elements":"0.2149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21644","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21535","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6490"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/V
C:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/"}],"url":"https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/3500","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/"}],"url":"https://github.com/sparklemotion/nokogiri/issues/3500"},{"reference_url":"https://github.com/sparklemotion/nokogiri/pull/3524","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P
/RL:O/RC:C"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/"}],"url":"https://github.com/sparklemotion/nokogiri/pull/3524"},{"reference_url":"https://github.com/user-attachments/files/19625432/nokogiri_crash.txt","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/"}],"url":"https://github.com/user-attachments/files/19625432/nokogiri_crash.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6490","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/S
C:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-6490"},{"reference_url":"https://vuldb.com/?ctiid.313601","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/"}],"url":"https://vuldb.com/?ctiid.313601"},{"reference_url":"https://vuldb.com/?id.313601","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/V
I:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/"}],"url":"https://vuldb.com/?id.313601"},{"reference_url":"https://vuldb.com/?submit.601005","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"1.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:34:29Z/"}],"url":"https://vuldb.com/?submit.601005"},{"reference_url":"https://github.com/advisories/GHSA-pf9w-gvcf-gv7m","reference_id":"GHSA-pf9w-gvcf-gv7m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pf9w-gvcf-gv7m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938276?format=json","purl":"pkg:deb/debian/ruby-nokogiri@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938273?format=json","purl":"pkg:deb/debian/ruby-n
okogiri@1.11.1%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-snr1-kaug-43aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2025-6490","GHSA-pf9w-gvcf-gv7m"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qj6u-xryx-s3ev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47092?format=json","vulnerability_id":"VCID-snr1-kaug-43aa","summary":"Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of 
service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29181","reference_id":"","reference_type":"","scores":[{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88779","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88767","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88751","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.8874","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88741","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88735","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.8872","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88721","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88724","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.8871","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88682","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88717","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88705","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04183","scoring_system":"epss","scoring_elements":"0.88699","published
_at":"2026-04-08T12:55:00Z"},{"value":"0.04293","scoring_system":"epss","scoring_elements":"0.88835","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04293","scoring_system":"epss","scoring_elements":"0.88819","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Dec/23","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2022/Dec/23"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":
"https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/"}],"url":"https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/"}],"url":"https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/"}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements"
:""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/"}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29181","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29181"},{"reference_url":"https://security.gentoo.org/glsa/202208-29","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-29"},{"reference_url":"https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/"}],"url":"https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri"},{"reference_url":"https://support.apple.com/kb/HT213532","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.apple.com/kb/HT213532"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2088684","reference_id":"2088684","reference_type":"","scores":[],"
url":"https://bugzilla.redhat.com/show_bug.cgi?id=2088684"},{"reference_url":"https://github.com/advisories/GHSA-xh29-r2w5-wx8m","reference_id":"GHSA-xh29-r2w5-wx8m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh29-r2w5-wx8m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8506","reference_id":"RHSA-2022:8506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8506"},{"reference_url":"https://usn.ubuntu.com/7659-1/","reference_id":"USN-7659-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7659-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938282?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.7%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.7%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-29181","GHSA-
xh29-r2w5-wx8m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snr1-kaug-43aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33287?format=json","vulnerability_id":"VCID-vhyk-9tbb-quc3","summary":"Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability\n### Severity\n\nNokogiri maintainers have evaluated this as [__Low Severity__ (CVSS3 2.6)](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N).\n\n\n### Description\n\nIn Nokogiri versions <= 1.11.0.rc3, XML Schemas parsed by `Nokogiri::XML::Schema` are **trusted** by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks.\n\nThis behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as **untrusted** by default whenever possible.\n\nPlease note that this security fix was pushed into a new minor version, 1.11.x, rather than a patch release to the 1.10.x branch, because it is a breaking change for some schemas and the risk was assessed to be \"Low Severity\".\n\n\n### Affected Versions\n\nNokogiri `<= 1.10.10` as well as prereleases `1.11.0.rc1`, `1.11.0.rc2`, and `1.11.0.rc3`\n\n\n### Mitigation\n\nThere are no known workarounds for affected versions. Upgrade to Nokogiri `1.11.0.rc4` or later.\n\nIf, after upgrading to `1.11.0.rc4` or later, you wish to re-enable network access for resolution of external resources (i.e., return to the previous behavior):\n\n1. Ensure the input is trusted. Do not enable this option for untrusted input.\n2. 
When invoking the `Nokogiri::XML::Schema` constructor, pass as the second parameter an instance of `Nokogiri::XML::ParseOptions` with the `NONET` flag turned off.\n\nSo if your previous code was:\n\n``` ruby\n# in v1.11.0.rc3 and earlier, this call allows resources to be accessed over the network\n# but in v1.11.0.rc4 and later, this call will disallow network access for external resources\nschema = Nokogiri::XML::Schema.new(schema)\n\n# in v1.11.0.rc4 and later, the following is equivalent to the code above\n# (the second parameter is optional, and this demonstrates its default value)\nschema = Nokogiri::XML::Schema.new(schema, Nokogiri::XML::ParseOptions::DEFAULT_SCHEMA)\n```\n\nThen you can add the second parameter to indicate that the input is trusted by changing it to:\n\n``` ruby\n# in v1.11.0.rc3 and earlier, this would raise an ArgumentError \n# but in v1.11.0.rc4 and later, this allows resources to be accessed over the network\nschema = Nokogiri::XML::Schema.new(trusted_schema, Nokogiri::XML::ParseOptions.new.nononet)\n```\n\n\n### References\n\n- [This issue's public advisory](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m)\n- [Original Hackerone report (private)](https://hackerone.com/reports/747489)\n- [OWASP description of XXE attack](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing)\n- [OWASP description of SSRF attack](https://www.owasp.org/index.php/Server_Side_Request_Forgery)\n\n\n### Credit \n\nThis vulnerability was independently reported by @eric-therond and @gucki.\n\nThe Nokogiri maintainers would like to thank [HackerOne](https://hackerone.com/nokogiri) for providing a secure, responsible mechanism for reporting, and for providing their fantastic service to 
us.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26247.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26247","reference_id":"","reference_type":"","scores":[{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72557","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72531","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72502","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72511","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72514","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72506","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72463","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72475","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72376","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72428","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72416","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72399","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72381","published_a
t":"2026-04-02T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72466","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72425","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72434","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72451","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26247"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-26247.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03","reference_id":"","reference_type":"","sco
res":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md#v1110--2021-01-03"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b"},{"reference_url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4"},{"reference_url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m"},{"reference_url":"https://hackerone.com/reports/747489","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"ht
tps://hackerone.com/reports/747489"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26247","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26247"},{"reference_url":"https://rubygems.org/gems/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubygems.org/gems/nokogiri"},{"reference_url":"https://security.gentoo.org/glsa/202208-29","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202208-29"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912487","reference_id":"1912487","reference_type":"","s
cores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912487"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967","reference_id":"978967","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978967"},{"reference_url":"https://github.com/advisories/GHSA-vr8q-g5c7-m54m","reference_id":"GHSA-vr8q-g5c7-m54m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vr8q-g5c7-m54m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4702","reference_id":"RHSA-2021:4702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5191","reference_id":"RHSA-2021:5191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5191"},{"reference_url":"https://usn.ubuntu.com/7659-1/","reference_id":"USN-7659-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7659-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938278?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938273?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-snr1-kaug-43aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerabl
ecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2020-26247","GHSA-vr8q-g5c7-m54m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhyk-9tbb-quc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55015?format=json","vulnerability_id":"VCID-xvhw-5776-s3fr","summary":"Nokogiri vulnerable to DoS while parsing XML documents\nNokogiri gem has Denial of Service via infinite loop when parsing XML 
documents","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6460.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6460.json"},{"reference_url":"https://access.redhat.com/security/cve/cve-2013-6460","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2013-6460"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6460","reference_id":"","reference_type":"","scores":[{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85511","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85487","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85471","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85421","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85529","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85444","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.8544","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85416","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85343","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.8542","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85355","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02521","scoring_system":"epss
","scoring_elements":"0.85374","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85376","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85398","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85472","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02521","scoring_system":"epss","scoring_elements":"0.85463","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6460"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90058","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90058"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml","reference_id":"","reference_type":"","scores":[{"value":"6.5","
scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2013-6460.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6460","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6460"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2013-6460","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2013-6460"},{"reference_url":"https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":
"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513"},{"reference_url":"https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200229074427/https://www.securityfocus.com/bid/64513/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/12/27/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/12/27/2"},{"reference_url":"http://www.securityfocus.com/bid/64513","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/64513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046663","reference_id":"1046663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1046663"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nokogiri:nokogiri:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms_management_engine:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/resul
ts?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:subscription_asset_manager:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&que
ry=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-62qp-3fxm-9wxf","reference_id":"GHSA-62qp-3fxm-9wxf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-62qp-3fxm-9wxf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938276?format=json","purl":"pkg:deb/debian/ruby-nokogiri@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938273?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-snr1-kaug-43aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistr
o=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2013-6460","GHSA-62qp-3fxm-9wxf","OSV-101179"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvhw-5776-s3fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52034?format=json","vulnerability_id":"VCID-zrsc-vqxk-vkgx","summary":"Nokogiri is vulnerable to XML External Entity (XXE) attack\nNokogiri before 1.5.4 is vulnerable to XXE 
attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6685.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6685.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6685","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55354","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55355","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55387","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55397","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55376","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55357","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55314","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55334","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55307","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55255","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55297","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55232","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.5533","publis
hed_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6685"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1178970","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1178970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6685"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/commit/599856367150709497a3a03bee930bd76504d95d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/sparklemotion/nokogiri/commit/599856367150709497a3a03bee930bd76504d95d"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/693","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/693"},{"reference_url":"https://nokogiri.org/CHANGELOG.html#154-2012-06-12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nokogiri.org/CHANGELOG.html#154-2012-06-12"},{"refer
ence_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6685","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6685"},{"reference_url":"https://github.com/advisories/GHSA-6wj9-77wq-jq7p","reference_id":"GHSA-6wj9-77wq-jq7p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6wj9-77wq-jq7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/938272?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.5.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.5.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938273?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.11.1%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-snr1-kaug-43aa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.11.1%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938271?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.13.10%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/938275?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.18.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.18.2%252Bdfsg-1%3Fdistro=trixie"},{
"url":"http://public2.vulnerablecode.io/api/packages/938274?format=json","purl":"pkg:deb/debian/ruby-nokogiri@1.19.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.19.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2012-6685","GHSA-6wj9-77wq-jq7p","OSV-90946"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrsc-vqxk-vkgx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ruby-nokogiri@1.13.10%252Bdfsg-2%3Fdistro=trixie"}