Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/libxml2@2.9.7-13.el8_6?arch=4
Typerpm
Namespaceredhat
Namelibxml2
Version2.9.7-13.el8_6
Qualifiers
arch 4
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-aasn-u7fd-8bhy
vulnerability_id VCID-aasn-u7fd-8bhy
summary 
Improper Restriction of Operations within the Bounds of a Memory Buffer
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39615
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30604
published_at 2026-04-13T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30649
published_at 2026-04-12T12:55:00Z
2
value 0.00128
scoring_system epss
scoring_elements 0.32187
published_at 2026-04-11T12:55:00Z
3
value 0.00128
scoring_system epss
scoring_elements 0.32184
published_at 2026-04-09T12:55:00Z
4
value 0.0014
scoring_system epss
scoring_elements 0.34244
published_at 2026-04-02T12:55:00Z
5
value 0.0014
scoring_system epss
scoring_elements 0.34276
published_at 2026-04-04T12:55:00Z
6
value 0.00155
scoring_system epss
scoring_elements 0.363
published_at 2026-04-08T12:55:00Z
7
value 0.00155
scoring_system epss
scoring_elements 0.36251
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39615
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:25:30Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230
reference_id 1051230
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2235864
reference_id 2235864
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2235864
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39615
reference_id CVE-2023-39615
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-39615
8
reference_url https://access.redhat.com/errata/RHSA-2023:7544
reference_id RHSA-2023:7544
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7544
9
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
10
reference_url https://access.redhat.com/errata/RHSA-2023:7747
reference_id RHSA-2023:7747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7747
11
reference_url https://access.redhat.com/errata/RHSA-2024:0119
reference_id RHSA-2024:0119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0119
12
reference_url https://access.redhat.com/errata/RHSA-2024:0413
reference_id RHSA-2024:0413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0413
13
reference_url https://access.redhat.com/errata/RHSA-2024:1317
reference_id RHSA-2024:1317
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1317
14
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
15
reference_url https://access.redhat.com/errata/RHSA-2024:1477
reference_id RHSA-2024:1477
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1477
fixed_packages
aliases CVE-2023-39615
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aasn-u7fd-8bhy
1
url VCID-eb6k-ppfd-m7a3
vulnerability_id VCID-eb6k-ppfd-m7a3
summary Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40304
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.37101
published_at 2026-04-02T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.4453
published_at 2026-04-13T12:55:00Z
2
value 0.00219
scoring_system epss
scoring_elements 0.44548
published_at 2026-04-04T12:55:00Z
3
value 0.00219
scoring_system epss
scoring_elements 0.44487
published_at 2026-04-07T12:55:00Z
4
value 0.00219
scoring_system epss
scoring_elements 0.44537
published_at 2026-04-08T12:55:00Z
5
value 0.00219
scoring_system epss
scoring_elements 0.44542
published_at 2026-04-09T12:55:00Z
6
value 0.00219
scoring_system epss
scoring_elements 0.44559
published_at 2026-04-11T12:55:00Z
7
value 0.00219
scoring_system epss
scoring_elements 0.44529
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40304
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
7
reference_url https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
reference_id
reference_type
scores
url https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225
reference_id 1022225
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225
9
reference_url http://seclists.org/fulldisclosure/2022/Dec/21
reference_id 21
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url http://seclists.org/fulldisclosure/2022/Dec/21
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2136288
reference_id 2136288
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2136288
11
reference_url http://seclists.org/fulldisclosure/2022/Dec/24
reference_id 24
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url http://seclists.org/fulldisclosure/2022/Dec/24
12
reference_url http://seclists.org/fulldisclosure/2022/Dec/25
reference_id 25
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url http://seclists.org/fulldisclosure/2022/Dec/25
13
reference_url http://seclists.org/fulldisclosure/2022/Dec/26
reference_id 26
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url http://seclists.org/fulldisclosure/2022/Dec/26
14
reference_url http://seclists.org/fulldisclosure/2022/Dec/27
reference_id 27
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url http://seclists.org/fulldisclosure/2022/Dec/27
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40304
reference_id CVE-2022-40304
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-40304
16
reference_url https://security.gentoo.org/glsa/202210-39
reference_id GLSA-202210-39
reference_type
scores
url https://security.gentoo.org/glsa/202210-39
17
reference_url https://support.apple.com/kb/HT213531
reference_id HT213531
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://support.apple.com/kb/HT213531
18
reference_url https://support.apple.com/kb/HT213533
reference_id HT213533
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://support.apple.com/kb/HT213533
19
reference_url https://support.apple.com/kb/HT213534
reference_id HT213534
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://support.apple.com/kb/HT213534
20
reference_url https://support.apple.com/kb/HT213535
reference_id HT213535
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://support.apple.com/kb/HT213535
21
reference_url https://support.apple.com/kb/HT213536
reference_id HT213536
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://support.apple.com/kb/HT213536
22
reference_url https://security.netapp.com/advisory/ntap-20221209-0003/
reference_id ntap-20221209-0003
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://security.netapp.com/advisory/ntap-20221209-0003/
23
reference_url https://access.redhat.com/errata/RHSA-2022:8841
reference_id RHSA-2022:8841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8841
24
reference_url https://access.redhat.com/errata/RHSA-2023:0173
reference_id RHSA-2023:0173
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0173
25
reference_url https://access.redhat.com/errata/RHSA-2023:0338
reference_id RHSA-2023:0338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0338
26
reference_url https://access.redhat.com/errata/RHSA-2024:0413
reference_id RHSA-2024:0413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0413
27
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/tags
reference_id tags
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/tags
28
reference_url https://usn.ubuntu.com/5760-1/
reference_id USN-5760-1
reference_type
scores
url https://usn.ubuntu.com/5760-1/
29
reference_url https://usn.ubuntu.com/5760-2/
reference_id USN-5760-2
reference_type
scores
url https://usn.ubuntu.com/5760-2/
fixed_packages
aliases CVE-2022-40304
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eb6k-ppfd-m7a3
2
url VCID-qpnt-xvgv-s3cq
vulnerability_id VCID-qpnt-xvgv-s3cq
summary This advisory has been invalidated.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28484
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48197
published_at 2026-04-13T12:55:00Z
1
value 0.00249
scoring_system epss
scoring_elements 0.48186
published_at 2026-04-12T12:55:00Z
2
value 0.00258
scoring_system epss
scoring_elements 0.49179
published_at 2026-04-04T12:55:00Z
3
value 0.00258
scoring_system epss
scoring_elements 0.4915
published_at 2026-04-02T12:55:00Z
4
value 0.00258
scoring_system epss
scoring_elements 0.49181
published_at 2026-04-09T12:55:00Z
5
value 0.00258
scoring_system epss
scoring_elements 0.49184
published_at 2026-04-08T12:55:00Z
6
value 0.00258
scoring_system epss
scoring_elements 0.4913
published_at 2026-04-07T12:55:00Z
7
value 0.00258
scoring_system epss
scoring_elements 0.49199
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28484
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/491
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/491
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
7
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
8
reference_url https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
reference_id
reference_type
scores
url https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436
reference_id 1034436
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2185994
reference_id 2185994
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2185994
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28484
reference_id CVE-2023-28484
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-28484
12
reference_url https://security.gentoo.org/glsa/202402-11
reference_id GLSA-202402-11
reference_type
scores
url https://security.gentoo.org/glsa/202402-11
13
reference_url https://security.netapp.com/advisory/ntap-20230601-0006/
reference_id ntap-20230601-0006
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/
url https://security.netapp.com/advisory/ntap-20230601-0006/
14
reference_url https://security.netapp.com/advisory/ntap-20240201-0005/
reference_id ntap-20240201-0005
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/
url https://security.netapp.com/advisory/ntap-20240201-0005/
15
reference_url https://access.redhat.com/errata/RHSA-2023:4349
reference_id RHSA-2023:4349
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4349
16
reference_url https://access.redhat.com/errata/RHSA-2023:4529
reference_id RHSA-2023:4529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4529
17
reference_url https://access.redhat.com/errata/RHSA-2023:4628
reference_id RHSA-2023:4628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4628
18
reference_url https://access.redhat.com/errata/RHSA-2024:0413
reference_id RHSA-2024:0413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0413
19
reference_url https://usn.ubuntu.com/6028-1/
reference_id USN-6028-1
reference_type
scores
url https://usn.ubuntu.com/6028-1/
20
reference_url https://usn.ubuntu.com/6028-2/
reference_id USN-6028-2
reference_type
scores
url https://usn.ubuntu.com/6028-2/
fixed_packages
aliases CVE-2023-28484
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpnt-xvgv-s3cq
3
url VCID-udew-3gre-13hy
vulnerability_id VCID-udew-3gre-13hy
summary Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40303
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39746
published_at 2026-04-02T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39712
published_at 2026-04-13T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39768
published_at 2026-04-04T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39687
published_at 2026-04-07T12:55:00Z
4
value 0.00181
scoring_system epss
scoring_elements 0.39741
published_at 2026-04-08T12:55:00Z
5
value 0.00181
scoring_system epss
scoring_elements 0.39755
published_at 2026-04-09T12:55:00Z
6
value 0.00181
scoring_system epss
scoring_elements 0.39765
published_at 2026-04-11T12:55:00Z
7
value 0.00181
scoring_system epss
scoring_elements 0.39729
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40303
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
7
reference_url https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
reference_id
reference_type
scores
url https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224
reference_id 1022224
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224
9
reference_url http://seclists.org/fulldisclosure/2022/Dec/21
reference_id 21
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url http://seclists.org/fulldisclosure/2022/Dec/21
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2136266
reference_id 2136266
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2136266
11
reference_url http://seclists.org/fulldisclosure/2022/Dec/24
reference_id 24
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url http://seclists.org/fulldisclosure/2022/Dec/24
12
reference_url http://seclists.org/fulldisclosure/2022/Dec/25
reference_id 25
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url http://seclists.org/fulldisclosure/2022/Dec/25
13
reference_url http://seclists.org/fulldisclosure/2022/Dec/26
reference_id 26
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url http://seclists.org/fulldisclosure/2022/Dec/26
14
reference_url http://seclists.org/fulldisclosure/2022/Dec/27
reference_id 27
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url http://seclists.org/fulldisclosure/2022/Dec/27
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40303
reference_id CVE-2022-40303
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-40303
16
reference_url https://security.gentoo.org/glsa/202210-39
reference_id GLSA-202210-39
reference_type
scores
url https://security.gentoo.org/glsa/202210-39
17
reference_url https://support.apple.com/kb/HT213531
reference_id HT213531
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://support.apple.com/kb/HT213531
18
reference_url https://support.apple.com/kb/HT213533
reference_id HT213533
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://support.apple.com/kb/HT213533
19
reference_url https://support.apple.com/kb/HT213534
reference_id HT213534
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://support.apple.com/kb/HT213534
20
reference_url https://support.apple.com/kb/HT213535
reference_id HT213535
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://support.apple.com/kb/HT213535
21
reference_url https://support.apple.com/kb/HT213536
reference_id HT213536
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://support.apple.com/kb/HT213536
22
reference_url https://security.netapp.com/advisory/ntap-20221209-0003/
reference_id ntap-20221209-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/
url https://security.netapp.com/advisory/ntap-20221209-0003/
23
reference_url https://access.redhat.com/errata/RHSA-2022:8841
reference_id RHSA-2022:8841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8841
24
reference_url https://access.redhat.com/errata/RHSA-2023:0173
reference_id RHSA-2023:0173
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0173
25
reference_url https://access.redhat.com/errata/RHSA-2023:0338
reference_id RHSA-2023:0338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0338
26
reference_url https://access.redhat.com/errata/RHSA-2024:0413
reference_id RHSA-2024:0413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0413
27
reference_url https://usn.ubuntu.com/5760-1/
reference_id USN-5760-1
reference_type
scores
url https://usn.ubuntu.com/5760-1/
28
reference_url https://usn.ubuntu.com/5760-2/
reference_id USN-5760-2
reference_type
scores
url https://usn.ubuntu.com/5760-2/
29
reference_url https://usn.ubuntu.com/7659-1/
reference_id USN-7659-1
reference_type
scores
url https://usn.ubuntu.com/7659-1/
fixed_packages
aliases CVE-2022-40303
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-udew-3gre-13hy
4
url VCID-x9ej-7dcq-tub2
vulnerability_id VCID-x9ej-7dcq-tub2
summary 
Double Free
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29469
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.2209
published_at 2026-04-02T12:55:00Z
1
value 0.00072
scoring_system epss
scoring_elements 0.2196
published_at 2026-04-13T12:55:00Z
2
value 0.00072
scoring_system epss
scoring_elements 0.2214
published_at 2026-04-04T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.2191
published_at 2026-04-07T12:55:00Z
4
value 0.00072
scoring_system epss
scoring_elements 0.21991
published_at 2026-04-08T12:55:00Z
5
value 0.00072
scoring_system epss
scoring_elements 0.22046
published_at 2026-04-09T12:55:00Z
6
value 0.00072
scoring_system epss
scoring_elements 0.22061
published_at 2026-04-11T12:55:00Z
7
value 0.00072
scoring_system epss
scoring_elements 0.2202
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29469
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
6
reference_url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/
url https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
7
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
8
reference_url https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
reference_id
reference_type
scores
url https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437
reference_id 1034437
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2185984
reference_id 2185984
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2185984
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29469
reference_id CVE-2023-29469
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-29469
12
reference_url https://security.gentoo.org/glsa/202402-11
reference_id GLSA-202402-11
reference_type
scores
url https://security.gentoo.org/glsa/202402-11
13
reference_url https://security.netapp.com/advisory/ntap-20230601-0006/
reference_id ntap-20230601-0006
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/
url https://security.netapp.com/advisory/ntap-20230601-0006/
14
reference_url https://access.redhat.com/errata/RHSA-2023:4349
reference_id RHSA-2023:4349
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4349
15
reference_url https://access.redhat.com/errata/RHSA-2023:4529
reference_id RHSA-2023:4529
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4529
16
reference_url https://access.redhat.com/errata/RHSA-2023:4628
reference_id RHSA-2023:4628
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4628
17
reference_url https://access.redhat.com/errata/RHSA-2024:0413
reference_id RHSA-2024:0413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0413
18
reference_url https://usn.ubuntu.com/6028-1/
reference_id USN-6028-1
reference_type
scores
url https://usn.ubuntu.com/6028-1/
19
reference_url https://usn.ubuntu.com/6028-2/
reference_id USN-6028-2
reference_type
scores
url https://usn.ubuntu.com/6028-2/
fixed_packages
aliases CVE-2023-29469
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9ej-7dcq-tub2
Fixing_vulnerabilities
Risk_score3.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libxml2@2.9.7-13.el8_6%3Farch=4