[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-9318":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":33,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":60,"related":61,"reserved_at":9,"published_at":69,"modified_at":70,"state":71,"summary":72,"references_raw":80,"kevs":121,"epss":122,"epss_history":125,"metrics":395,"affected":408},"CVE-2016-9318","libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-611","Improper Restriction of XML External Entity Reference","The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-221","Data Serialization External Entities Blowup",[],[24],{"_key":25,"name":26,"source":27,"url":28,"maturity":29,"reliability_score":30,"verified":31,"type":9,"platforms":32,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_LSH123_XMLSEC","Xmlsec","github","https://github.com/lsh123/xmlsec/issues/43","poc",0.3,false,[],[],[],[36,38,40,42,44,46,48,50,52,54,56,58],{"_key":37},"ALPINE-CVE-2016-9318",{"_key":39},"SUSE-SU-2019:13985-1",{"_key":41},"SUSE-SU-2017:0164-1",{"_key":43},"SUSE-SU-2017:0380-1",{"_key":45},"SUSE-SU-2017:1366-1",{"_key":47},"SUSE-SU-2017:1557-1",{"_key":49},"SUSE-SU-2019:1896-1",{"_key":51},"DLA-2972-1",{"_key":53},"MGASA-2018-0048",{"_key":55},"UBUNTU-CVE-2016-9318",{"_key":57},"USN-3739-1",{"_key":59},"DEBIAN-CVE-2016-9318",[],[62,63,64,65,66,67,68],{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":53},"2016-11-16T00:00:00.000Z","2025-12-04T16:39:57.327Z","Modified",{"cisa_kev":31,"cisa_ransomware":31,"cisa_vendor":9,"epss_severity":73,"epss_score":74,"severity":75,"severity_score":76,"severity_version":77,"severity_source":78,"severity_vector":79,"severity_status":71},"low",0.00119,"medium",5.5,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",[81,91,95,101,106,111,115],{"url":82,"sources":83,"tags":85},"https://bugzilla.gnome.org/show_bug.cgi?id=772726",[78,84],"nvd",[86,87,88,89,90],"X Refsource MISC","Issue Tracking","Patch","Third Party Advisory","VDB Entry",{"url":28,"sources":92,"tags":93},[78,84],[86,94,88,89],"Exploit",{"url":96,"sources":97,"tags":98},"https://usn.ubuntu.com/3739-1/",[78,84],[99,100,89],"Vendor Advisory","X Refsource UBUNTU",{"url":102,"sources":103,"tags":104},"https://security.gentoo.org/glsa/201711-01",[78,84],[99,105,89],"X Refsource GENTOO",{"url":107,"sources":108,"tags":109},"http://www.securityfocus.com/bid/94347",[78,84],[90,110,89],"X Refsource BID",{"url":112,"sources":113,"tags":114},"https://usn.ubuntu.com/3739-2/",[78,84],[99,100,89],{"url":116,"sources":117,"tags":118},"https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html",[78,84],[119,120],"Mailing List","X Refsource MLIST",[],{"date":123,"score":74,"percentile":124},"2026-06-04",0.30308,[126,130,133,136,139,142,145,148,151,154,156,159,162,165,168,172,175,178,181,183,186,189,192,195,197,200,203,206,209,211,214,217,220,223,226,228,231,234,237,240,243,246,249,252,255,259,262,265,268,271,274,277,280,283,287,290,293,296,299,302,305,308,311,314,317,319,323,326,329,332,335,338,341,344,347,350,353,356,359,362,365,368,371,374,377,380,383,386,389,392],{"date":127,"score":128,"percentile":129},"2025-11-04",0.00041,0.11929,{"date":131,"score":128,"percentile":132},"2025-11-05",0.11956,{"date":134,"score":128,"percentile":135},"2025-11-06",0.12062,{"date":137,"score":128,"percentile":138},"2025-11-07",0.1208,{"date":140,"score":128,"percentile":141},"2025-11-08",0.12083,{"date":143,"score":128,"percentile":144},"2025-11-09",0.12061,{"date":146,"score":128,"percentile":147},"2025-11-10",0.11999,{"date":149,"score":128,"percentile":150},"2025-11-11",0.12018,{"date":152,"score":128,"percentile":153},"2025-11-12",0.12046,{"date":155,"score":128,"percentile":135},"2025-11-13",{"date":157,"score":128,"percentile":158},"2025-11-14",0.12077,{"date":160,"score":128,"percentile":161},"2025-11-15",0.12076,{"date":163,"score":128,"percentile":164},"2025-11-16",0.12068,{"date":166,"score":128,"percentile":167},"2025-11-17",0.12043,{"date":169,"score":170,"percentile":171},"2025-11-18",0.00035,0.05853,{"date":173,"score":170,"percentile":174},"2025-11-19",0.05871,{"date":176,"score":170,"percentile":177},"2025-11-20",0.05906,{"date":179,"score":170,"percentile":180},"2025-11-21",0.09724,{"date":182,"score":128,"percentile":138},"2025-11-22",{"date":184,"score":128,"percentile":185},"2025-11-23",0.12069,{"date":187,"score":128,"percentile":188},"2025-11-24",0.12016,{"date":190,"score":128,"percentile":191},"2025-11-25",0.12021,{"date":193,"score":128,"percentile":194},"2025-11-26",0.12015,{"date":196,"score":128,"percentile":191},"2025-11-27",{"date":198,"score":128,"percentile":199},"2025-11-28",0.12013,{"date":201,"score":128,"percentile":202},"2025-11-29",0.11965,{"date":204,"score":128,"percentile":205},"2025-11-30",0.11967,{"date":207,"score":128,"percentile":208},"2025-12-01",0.12008,{"date":210,"score":128,"percentile":188},"2025-12-02",{"date":212,"score":128,"percentile":213},"2025-12-03",0.12023,{"date":215,"score":128,"percentile":216},"2025-12-04",0.12011,{"date":218,"score":128,"percentile":219},"2025-12-05",0.12058,{"date":221,"score":128,"percentile":222},"2025-12-06",0.12073,{"date":224,"score":128,"percentile":225},"2025-12-07",0.12067,{"date":227,"score":128,"percentile":222},"2025-12-08",{"date":229,"score":128,"percentile":230},"2025-12-09",0.1213,{"date":232,"score":128,"percentile":233},"2025-12-10",0.12195,{"date":235,"score":128,"percentile":236},"2025-12-11",0.12217,{"date":238,"score":128,"percentile":239},"2025-12-12",0.12259,{"date":241,"score":128,"percentile":242},"2025-12-13",0.12326,{"date":244,"score":128,"percentile":245},"2025-12-14",0.1231,{"date":247,"score":128,"percentile":248},"2025-12-15",0.12264,{"date":250,"score":128,"percentile":251},"2025-12-16",0.12247,{"date":253,"score":128,"percentile":254},"2025-12-17",0.12334,{"date":256,"score":257,"percentile":258},"2025-12-18",0.00122,0.32102,{"date":260,"score":257,"percentile":261},"2025-12-19",0.32129,{"date":263,"score":257,"percentile":264},"2025-12-20",0.32108,{"date":266,"score":257,"percentile":267},"2025-12-21",0.32049,{"date":269,"score":257,"percentile":270},"2025-12-22",0.32018,{"date":272,"score":257,"percentile":273},"2025-12-23",0.31998,{"date":275,"score":257,"percentile":276},"2025-12-24",0.31992,{"date":278,"score":257,"percentile":279},"2025-12-25",0.32065,{"date":281,"score":257,"percentile":282},"2025-12-26",0.32051,{"date":284,"score":285,"percentile":286},"2025-12-27",0.0013,0.3333,{"date":288,"score":257,"percentile":289},"2025-12-28",0.31986,{"date":291,"score":257,"percentile":292},"2025-12-29",0.31954,{"date":294,"score":257,"percentile":295},"2025-12-30",0.31948,{"date":297,"score":257,"percentile":298},"2025-12-31",0.31999,{"date":300,"score":257,"percentile":301},"2026-01-01",0.32142,{"date":303,"score":257,"percentile":304},"2026-01-02",0.32132,{"date":306,"score":257,"percentile":307},"2026-01-03",0.32112,{"date":309,"score":257,"percentile":310},"2026-01-04",0.31971,{"date":312,"score":257,"percentile":313},"2026-01-05",0.31957,{"date":315,"score":257,"percentile":316},"2026-01-06",0.3197,{"date":318,"score":257,"percentile":276},"2026-01-07",{"date":320,"score":321,"percentile":322},"2026-01-08",0.00132,0.33573,{"date":324,"score":321,"percentile":325},"2026-01-09",0.33571,{"date":327,"score":321,"percentile":328},"2026-01-10",0.33568,{"date":330,"score":321,"percentile":331},"2026-01-11",0.33546,{"date":333,"score":321,"percentile":334},"2026-01-12",0.33478,{"date":336,"score":321,"percentile":337},"2026-01-13",0.33464,{"date":339,"score":321,"percentile":340},"2026-01-14",0.33508,{"date":342,"score":321,"percentile":343},"2026-01-15",0.33503,{"date":345,"score":321,"percentile":346},"2026-01-16",0.33525,{"date":348,"score":321,"percentile":349},"2026-01-17",0.33507,{"date":351,"score":321,"percentile":352},"2026-01-18",0.33445,{"date":354,"score":321,"percentile":355},"2026-01-19",0.33407,{"date":357,"score":321,"percentile":358},"2026-01-20",0.33389,{"date":360,"score":321,"percentile":361},"2026-01-21",0.33349,{"date":363,"score":321,"percentile":364},"2026-01-22",0.33325,{"date":366,"score":321,"percentile":367},"2026-01-23",0.33388,{"date":369,"score":321,"percentile":370},"2026-01-24",0.33395,{"date":372,"score":321,"percentile":373},"2026-01-25",0.33328,{"date":375,"score":321,"percentile":376},"2026-01-26",0.33249,{"date":378,"score":321,"percentile":379},"2026-01-27",0.33239,{"date":381,"score":321,"percentile":382},"2026-01-28",0.33214,{"date":384,"score":321,"percentile":385},"2026-01-29",0.33176,{"date":387,"score":321,"percentile":388},"2026-01-30",0.33163,{"date":390,"score":321,"percentile":391},"2026-01-31",0.33172,{"date":393,"score":321,"percentile":394},"2026-02-01",0.33268,[396,401],{"source":78,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":397,"cvss_v4_0":9},{"baseScore":76,"baseSeverity":398,"vectorString":79,"impactScore":399,"exploitabilityScore":400},"MEDIUM",6,4.6,{"source":84,"cvss_v2_0":402,"cvss_v3_0":9,"cvss_v3_1":407,"cvss_v4_0":9},{"baseScore":403,"baseSeverity":9,"vectorString":404,"impactScore":405,"exploitabilityScore":406},4.3,"AV:N/AC:M/Au:N/C:P/I:N/A:N",2.9,8.6,{"baseScore":76,"baseSeverity":398,"vectorString":79,"impactScore":399,"exploitabilityScore":400},[409,424],{"ecosystem":9,"name":410,"vendor":411,"product":412,"cpe_part":413,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":414},"ubuntu linux","canonical","ubuntu_linux","o",[415,418,420,422],{"version":416,"is_range":31,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":419,"is_range":31,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":421,"is_range":31,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":423,"is_range":31,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"ecosystem":9,"name":425,"vendor":426,"product":425,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"libxml2","xmlsoft","a",[429],{"version":430,"is_range":431,"range_type":417,"version_start":9,"version_start_type":9,"version_end":432,"version_end_type":433,"fixed_in":9},"lte2.9.4",true,"2.9.4","including"]