Vulnerability details: VCID-txm2-sdc1-7uch
Vulnerability ID VCID-txm2-sdc1-7uch
Aliases CVE-2019-13117
GHSA-4hm9-844j-jmxp
Summary Improper Input Validation. In `numbers.c` in libxslt, which is used by nokogiri, an `xsl:number` with certain format strings could lead to an uninitialized read in `xsltNumberFormatInsertNumbers`. This could allow an attacker to discern whether a byte on the stack contains the characters `[AaIi0]`, or any other character.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json
epss 0.04457 https://api.first.org/data/v1/epss?cve=CVE-2019-13117
generic_textual HIGH https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
cvssv3.1 4.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-4hm9-844j-jmxp
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml
generic_textual HIGH https://github.com/sparklemotion/nokogiri/issues/1943
generic_textual HIGH https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
generic_textual HIGH https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2019-13117
generic_textual HIGH https://oss-fuzz.com/testcase-detail/5631739747106816
generic_textual HIGH https://security.netapp.com/advisory/ntap-20190806-0004
generic_textual HIGH https://security.netapp.com/advisory/ntap-20200122-0003
generic_textual HIGH https://usn.ubuntu.com/4164-1
generic_textual HIGH https://www.oracle.com/security-alerts/cpujan2020.html
generic_textual HIGH http://www.openwall.com/lists/oss-security/2019/11/17/2
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json
https://api.first.org/data/v1/epss?cve=CVE-2019-13117
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13117
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2019-13117.yml
https://github.com/sparklemotion/nokogiri/issues/1943
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
https://oss-fuzz.com/testcase-detail/5631739747106816
https://security.netapp.com/advisory/ntap-20190806-0004
https://security.netapp.com/advisory/ntap-20190806-0004/
https://security.netapp.com/advisory/ntap-20200122-0003
https://security.netapp.com/advisory/ntap-20200122-0003/
https://usn.ubuntu.com/4164-1
https://www.oracle.com/security-alerts/cpujan2020.html
http://www.openwall.com/lists/oss-security/2019/11/17/2
1728546 https://bugzilla.redhat.com/show_bug.cgi?id=1728546
931321 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931321
CVE-2019-13117 https://nvd.nist.gov/vuln/detail/CVE-2019-13117
GHSA-4hm9-844j-jmxp https://github.com/advisories/GHSA-4hm9-844j-jmxp
USN-4164-1 https://usn.ubuntu.com/4164-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13117.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploit Prediction Scoring System (EPSS)
Percentile 0.89019
EPSS Score 0.04457
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:48:33.086368+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/CVE-2019-13117.yml 38.0.0