{"url":"http://public2.vulnerablecode.io/api/packages/943487?format=json","purl":"pkg:deb/debian/xmlsec1@1.3.9-1?distro=trixie","type":"deb","namespace":"debian","name":"xmlsec1","version":"1.3.9-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33349?format=json","vulnerability_id":"VCID-12cg-us37-xbh8","summary":"This GLSA contains notification of vulnerabilities found in several\n    Gentoo packages which have been fixed prior to January 1, 2012. The worst\n    of these vulnerabilities could lead to local privilege escalation and\n    remote code execution. Please see the package list and CVE identifiers\n    below for more information.","references":[{"reference_url":"http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780","reference_id":"","reference_type":"","scores":[],"url":"http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780"},{"reference_url":"http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa","reference_id":"","reference_type":"","scores":[],"url":"http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1425.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1425.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1425","reference_id":"","reference_type":"","scores":[{"value":"0.0931","scoring_system":"epss","scoring_elements":"0.92748","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0931","scoring_system":"epss","scoring_elements":"0.9272","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0931","scoring_system":"epss","scoring_elements":"0.92727","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0931","scoring_system":"epss","scoring_elements":"0.92733","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0931","scoring_system":"epss","scoring_elements":"0.9273","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0931","scoring_system":"epss","scoring_elements":"0.9274","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0931","scoring_system":"epss","scoring_elements":"0.92745","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0931","scoring_system":"epss","scoring_elements":"0.9275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0931","scoring_system":"epss","scoring_elements":"0.92749","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1425"},{"reference_url":"https://bugs.webkit.org/show_bug.cgi?id=52688","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.webkit.org/show_bug.cgi?id=52688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1425"},{"reference_url":"http://secunia.com/advisories/43920","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/43920"},{"reference_url":"http://secunia.com/advisories/44167","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44167"},{"reference_url":"http://secunia.com/advisories/44423","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44423"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/66506","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/66506"},{"reference_url":"http://trac.webkit.org/changeset/79159","reference_id":"","reference_type":"","scores":[],"url":"http://trac.webkit.org/changeset/79159"},{"reference_url":"http://www.aleksey.com/pipermail/xmlsec/2011/009120.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.aleksey.com/pipermail/xmlsec/2011/009120.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2219","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2219"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:063","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:063"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0486.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0486.html"},{"reference_url":"http://www.securityfocus.com/bid/47135","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/47135"},{"reference_url":"http://www.securitytracker.com/id?1025284","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1025284"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0855","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0855"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0858","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/0858"},{"reference_url":"http://www.vupen.com/english/advisories/2011/1010","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/1010"},{"reference_url":"http://www.vupen.com/english/advisories/2011/1172","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/1172"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620560","reference_id":"620560","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620560"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=692133","reference_id":"692133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=692133"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.2a:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.2a:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.2a:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:0.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:0.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:aleksey:xml_security_library:1.2.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:aleksey:xml_security_library:1.2.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1425","reference_id":"CVE-2011-1425","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1425"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17993.rb","reference_id":"CVE-2011-1774;OSVDB-74017;CVE-2011-1425;OSVDB-72303","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17993.rb"},{"reference_url":"https://security.gentoo.org/glsa/201412-09","reference_id":"GLSA-201412-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0486","reference_id":"RHSA-2011:0486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0486"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/943490?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.14-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.14-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943486?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.31-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.31-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943484?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.37-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.37-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943488?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.41-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.41-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943487?format=json","purl":"pkg:deb/debian/xmlsec1@1.3.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.3.9-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1425"],"risk_score":9.2,"exploitability":"2.0","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12cg-us37-xbh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84477?format=json","vulnerability_id":"VCID-k6xx-j2uv-67a9","summary":"xmlsec1: xmlsec vulnerable to external entity expansion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000061.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000061.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000061","reference_id":"","reference_type":"","scores":[{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69157","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69173","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69193","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69175","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69225","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69243","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69265","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00591","scoring_system":"epss","scoring_elements":"0.69222","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000061"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000061","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000061"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1437311","reference_id":"1437311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1437311"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2492","reference_id":"RHSA-2017:2492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2492"},{"reference_url":"https://usn.ubuntu.com/5674-1/","reference_id":"USN-5674-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5674-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/943491?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.24-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.24-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943486?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.31-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.31-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943484?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.37-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.37-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943488?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.41-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.41-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943487?format=json","purl":"pkg:deb/debian/xmlsec1@1.3.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.3.9-1%3Fdistro=trixie"}],"aliases":["CVE-2017-1000061"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6xx-j2uv-67a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34258?format=json","vulnerability_id":"VCID-xzye-g5rw-fyh5","summary":"Multiple vulnerabilities have been found in GraphicsMagick,\n    allowing remote attackers to execute arbitrary code or cause a Denial of\n    Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3736.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3736","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26117","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26198","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2624","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26078","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2613","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26139","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31157","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31113","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=537941","reference_id":"537941","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=537941"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559797","reference_id":"559797","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559797"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559801","reference_id":"559801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559801"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559806","reference_id":"559806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559806"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559809","reference_id":"559809","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559809"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559811","reference_id":"559811","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559811"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559814","reference_id":"559814","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559814"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559815","reference_id":"559815","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559815"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559816","reference_id":"559816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559816"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559819","reference_id":"559819","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559819"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559822","reference_id":"559822","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559822"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559824","reference_id":"559824","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559824"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559825","reference_id":"559825","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559825"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559826","reference_id":"559826","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559826"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559829","reference_id":"559829","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559829"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559831","reference_id":"559831","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559831"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559832","reference_id":"559832","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559832"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559833","reference_id":"559833","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559833"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559834","reference_id":"559834","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559834"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559835","reference_id":"559835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559835"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559836","reference_id":"559836","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559836"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559837","reference_id":"559837","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559837"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559840","reference_id":"559840","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559840"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559844","reference_id":"559844","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559844"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559845","reference_id":"559845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559845"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702436","reference_id":"702436","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702436"},{"reference_url":"https://security.gentoo.org/glsa/201311-10","reference_id":"GLSA-201311-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-10"},{"reference_url":"https://security.gentoo.org/glsa/201412-08","reference_id":"GLSA-201412-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1646","reference_id":"RHSA-2009:1646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0039","reference_id":"RHSA-2010:0039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0039"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/943489?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943486?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.31-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.31-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943484?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.37-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.37-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943488?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.41-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.41-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943487?format=json","purl":"pkg:deb/debian/xmlsec1@1.3.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.3.9-1%3Fdistro=trixie"}],"aliases":["CVE-2009-3736"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xzye-g5rw-fyh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6667?format=json","vulnerability_id":"VCID-z7ht-bq8z-3qgd","summary":"XML signature HMAC truncation authentication bypass\nThis package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0217","reference_id":"","reference_type":"","scores":[{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83529","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83557","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83556","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83541","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83605","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.8359","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83581","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84491","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0222","scoring_system":"epss","scoring_elements":"0.84495","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=511915","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217"},{"reference_url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"},{"reference_url":"https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"},{"reference_url":"https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"},{"reference_url":"https://marc.info/?l=bugtraq&m=125787273209737&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0217","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0217"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2009-1428.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2009-1428.html"},{"reference_url":"https://svn.apache.org/viewvc?revision=794013&view=revision","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?revision=794013&view=revision"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=794013","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=794013"},{"reference_url":"https://www.debian.org/security/2010/dsa-1995","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2010/dsa-1995"},{"reference_url":"https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"},{"reference_url":"https://www.kb.cert.org/vuls/id/466161","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/466161"},{"reference_url":"https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"},{"reference_url":"https://www.kb.cert.org/vuls/id/WDON-7TY529","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/WDON-7TY529"},{"reference_url":"https://www.mandriva.com/security/advisories?name=MDVSA-2009:209","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mandriva.com/security/advisories?name=MDVSA-2009:209"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"},{"reference_url":"https://www.redhat.com/support/errata/RHSA-2009-1694.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/support/errata/RHSA-2009-1694.html"},{"reference_url":"https://www.ubuntu.com/usn/USN-903-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.ubuntu.com/usn/USN-903-1"},{"reference_url":"https://www.us-cert.gov/cas/techalerts/TA09-294A.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.us-cert.gov/cas/techalerts/TA09-294A.html"},{"reference_url":"https://www.w3.org/2008/06/xmldsigcore-errata.html#e03","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.w3.org/2008/06/xmldsigcore-errata.html#e03"},{"reference_url":"https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html"},{"reference_url":"https://bugzilla.redhat.com/CVE-2009-0217","reference_id":"CVE-2009-0217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2009-0217"},{"reference_url":"https://github.com/advisories/GHSA-8hfm-837h-hjg5","reference_id":"GHSA-8hfm-837h-hjg5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8hfm-837h-hjg5"},{"reference_url":"https://security.gentoo.org/glsa/201206-13","reference_id":"GLSA-201206-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-13"},{"reference_url":"https://security.gentoo.org/glsa/201408-19","reference_id":"GLSA-201408-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1200","reference_id":"RHSA-2009:1200","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1200"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1201","reference_id":"RHSA-2009:1201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1428","reference_id":"RHSA-2009:1428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1636","reference_id":"RHSA-2009:1636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1637","reference_id":"RHSA-2009:1637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1649","reference_id":"RHSA-2009:1649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1650","reference_id":"RHSA-2009:1650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1650"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0043","reference_id":"RHSA-2010:0043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0043"},{"reference_url":"https://usn.ubuntu.com/814-1/","reference_id":"USN-814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/814-1/"},{"reference_url":"https://usn.ubuntu.com/826-1/","reference_id":"USN-826-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/826-1/"},{"reference_url":"https://usn.ubuntu.com/903-1/","reference_id":"USN-903-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/903-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/943485?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943486?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.31-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.31-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943484?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.37-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.37-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943488?format=json","purl":"pkg:deb/debian/xmlsec1@1.2.41-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.2.41-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/943487?format=json","purl":"pkg:deb/debian/xmlsec1@1.3.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.3.9-1%3Fdistro=trixie"}],"aliases":["CVE-2009-0217","GHSA-8hfm-837h-hjg5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7ht-bq8z-3qgd"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xmlsec1@1.3.9-1%3Fdistro=trixie"}