[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-24839":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":86,"aliases":87,"duplicate_of":9,"upstream":89,"downstream":90,"duplicates":105,"related":106,"reserved_at":9,"published_at":112,"modified_at":113,"state":114,"summary":115,"references_raw":124,"kevs":155,"epss":156,"epss_history":159,"metrics":418,"affected":432},"CVE-2022-24839","org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[88],"GHSA-9849-p7jc-9rmv",[],[91,93,95,97,99,101,103],{"_key":92},"OPENSUSE-SU-2024:11999-1",{"_key":94},"OPENSUSE-SU-2024:13165-1",{"_key":96},"OPENSUSE-SU-2024:14174-1",{"_key":98},"OPENSUSE-SU-2025:14697-1",{"_key":100},"OPENSUSE-SU-2026:10356-1",{"_key":102},"DEBIAN-CVE-2022-24839",{"_key":104},"UBUNTU-CVE-2022-24839",[],[107,108,109,110,111],{"_key":92},{"_key":94},{"_key":96},{"_key":98},{"_key":100},"2022-04-11T21:25:12.000Z","2025-04-23T18:40:37.485Z","Modified",{"cisa_kev":116,"cisa_ransomware":116,"cisa_vendor":9,"epss_severity":117,"epss_score":118,"severity":119,"severity_score":120,"severity_version":121,"severity_source":122,"severity_vector":123,"severity_status":114},false,"low",0.00454,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[125,134,140,145,150],{"url":126,"sources":127,"tags":130},"https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv",[122,128,129],"nvd","osv_maven",[131,132,133],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":135,"sources":136,"tags":137},"https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d",[122,128,129],[138,139,133],"X Refsource MISC","Patch",{"url":141,"sources":142,"tags":143},"https://www.oracle.com/security-alerts/cpujul2022.html",[122,128,129],[138,139,144,133],"Third Party Advisory",{"url":146,"sources":147,"tags":148},"https://nvd.nist.gov/vuln/detail/CVE-2022-24839",[129],[149],"Advisory",{"url":151,"sources":152,"tags":153},"https://github.com/sparklemotion/nekohtml",[129],[154],"PACKAGE",[],{"date":157,"score":118,"percentile":158},"2026-06-04",0.64117,[160,164,167,170,173,175,178,181,184,187,190,193,196,198,201,205,208,211,214,216,218,221,224,227,230,233,236,239,242,245,248,251,254,256,259,261,264,267,269,272,275,278,281,284,287,290,293,296,299,301,304,307,310,313,316,319,322,325,328,331,334,337,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,386,389,392,395,398,400,402,404,406,409,412,415],{"date":161,"score":162,"percentile":163},"2025-11-04",0.00334,0.55662,{"date":165,"score":162,"percentile":166},"2025-11-05",0.55626,{"date":168,"score":162,"percentile":169},"2025-11-06",0.55636,{"date":171,"score":162,"percentile":172},"2025-11-07",0.55656,{"date":174,"score":162,"percentile":163},"2025-11-08",{"date":176,"score":162,"percentile":177},"2025-11-09",0.55654,{"date":179,"score":162,"percentile":180},"2025-11-10",0.5563,{"date":182,"score":162,"percentile":183},"2025-11-11",0.55643,{"date":185,"score":162,"percentile":186},"2025-11-12",0.55668,{"date":188,"score":162,"percentile":189},"2025-11-13",0.55676,{"date":191,"score":162,"percentile":192},"2025-11-14",0.55678,{"date":194,"score":162,"percentile":195},"2025-11-15",0.55669,{"date":197,"score":162,"percentile":177},"2025-11-16",{"date":199,"score":162,"percentile":200},"2025-11-17",0.55645,{"date":202,"score":203,"percentile":204},"2025-11-18",0.00655,0.68655,{"date":206,"score":203,"percentile":207},"2025-11-19",0.68662,{"date":209,"score":203,"percentile":210},"2025-11-20",0.68667,{"date":212,"score":162,"percentile":213},"2025-11-21",0.55658,{"date":215,"score":162,"percentile":177},"2025-11-22",{"date":217,"score":162,"percentile":166},"2025-11-23",{"date":219,"score":162,"percentile":220},"2025-11-24",0.55623,{"date":222,"score":162,"percentile":223},"2025-11-25",0.55627,{"date":225,"score":162,"percentile":226},"2025-11-26",0.55629,{"date":228,"score":162,"percentile":229},"2025-11-27",0.55631,{"date":231,"score":162,"percentile":232},"2025-11-28",0.55603,{"date":234,"score":162,"percentile":235},"2025-11-29",0.5559,{"date":237,"score":162,"percentile":238},"2025-11-30",0.55576,{"date":240,"score":162,"percentile":241},"2025-12-01",0.55735,{"date":243,"score":162,"percentile":244},"2025-12-02",0.55749,{"date":246,"score":162,"percentile":247},"2025-12-03",0.55741,{"date":249,"score":162,"percentile":250},"2025-12-04",0.55575,{"date":252,"score":162,"percentile":253},"2025-12-05",0.55592,{"date":255,"score":162,"percentile":253},"2025-12-06",{"date":257,"score":162,"percentile":258},"2025-12-07",0.55583,{"date":260,"score":162,"percentile":258},"2025-12-08",{"date":262,"score":162,"percentile":263},"2025-12-09",0.556,{"date":265,"score":162,"percentile":266},"2025-12-10",0.55657,{"date":268,"score":162,"percentile":189},"2025-12-11",{"date":270,"score":118,"percentile":271},"2025-12-12",0.63099,{"date":273,"score":118,"percentile":274},"2025-12-13",0.63106,{"date":276,"score":118,"percentile":277},"2025-12-14",0.63105,{"date":279,"score":118,"percentile":280},"2025-12-15",0.63096,{"date":282,"score":118,"percentile":283},"2025-12-16",0.63111,{"date":285,"score":118,"percentile":286},"2025-12-17",0.63125,{"date":288,"score":118,"percentile":289},"2025-12-18",0.63161,{"date":291,"score":118,"percentile":292},"2025-12-19",0.63178,{"date":294,"score":118,"percentile":295},"2025-12-20",0.63179,{"date":297,"score":118,"percentile":298},"2025-12-21",0.6317,{"date":300,"score":118,"percentile":289},"2025-12-22",{"date":302,"score":118,"percentile":303},"2025-12-23",0.63176,{"date":305,"score":118,"percentile":306},"2025-12-24",0.63183,{"date":308,"score":118,"percentile":309},"2025-12-25",0.6321,{"date":311,"score":118,"percentile":312},"2025-12-26",0.63208,{"date":314,"score":118,"percentile":315},"2025-12-27",0.63263,{"date":317,"score":118,"percentile":318},"2025-12-28",0.63185,{"date":320,"score":118,"percentile":321},"2025-12-29",0.63177,{"date":323,"score":118,"percentile":324},"2025-12-30",0.63191,{"date":326,"score":118,"percentile":327},"2025-12-31",0.63218,{"date":329,"score":118,"percentile":330},"2026-01-01",0.63406,{"date":332,"score":118,"percentile":333},"2026-01-02",0.6339,{"date":335,"score":118,"percentile":336},"2026-01-03",0.63388,{"date":338,"score":118,"percentile":312},"2026-01-04",{"date":340,"score":118,"percentile":341},"2026-01-05",0.63201,{"date":343,"score":118,"percentile":344},"2026-01-06",0.63198,{"date":346,"score":118,"percentile":347},"2026-01-07",0.63219,{"date":349,"score":118,"percentile":350},"2026-01-08",0.63241,{"date":352,"score":118,"percentile":353},"2026-01-09",0.63243,{"date":355,"score":118,"percentile":356},"2026-01-10",0.63238,{"date":358,"score":118,"percentile":359},"2026-01-11",0.63225,{"date":361,"score":118,"percentile":362},"2026-01-12",0.63205,{"date":364,"score":118,"percentile":365},"2026-01-13",0.63203,{"date":367,"score":118,"percentile":368},"2026-01-14",0.63246,{"date":370,"score":118,"percentile":371},"2026-01-15",0.63264,{"date":373,"score":118,"percentile":374},"2026-01-16",0.63283,{"date":376,"score":118,"percentile":377},"2026-01-17",0.63273,{"date":379,"score":118,"percentile":380},"2026-01-18",0.6326,{"date":382,"score":118,"percentile":383},"2026-01-19",0.63247,{"date":385,"score":118,"percentile":315},"2026-01-20",{"date":387,"score":118,"percentile":388},"2026-01-21",0.63265,{"date":390,"score":118,"percentile":391},"2026-01-22",0.63269,{"date":393,"score":118,"percentile":394},"2026-01-23",0.63303,{"date":396,"score":118,"percentile":397},"2026-01-24",0.63308,{"date":399,"score":118,"percentile":377},"2026-01-25",{"date":401,"score":118,"percentile":315},"2026-01-26",{"date":403,"score":118,"percentile":377},"2026-01-27",{"date":405,"score":118,"percentile":374},"2026-01-28",{"date":407,"score":118,"percentile":408},"2026-01-29",0.63279,{"date":410,"score":118,"percentile":411},"2026-01-30",0.63285,{"date":413,"score":118,"percentile":414},"2026-01-31",0.63289,{"date":416,"score":118,"percentile":417},"2026-02-01",0.63431,[419,424,430],{"source":122,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":420,"cvss_v4_0":9},{"baseScore":120,"baseSeverity":421,"vectorString":123,"impactScore":422,"exploitabilityScore":423},"HIGH",6,10,{"source":128,"cvss_v2_0":425,"cvss_v3_0":9,"cvss_v3_1":429,"cvss_v4_0":9},{"baseScore":426,"baseSeverity":9,"vectorString":427,"impactScore":428,"exploitabilityScore":423},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,{"baseScore":120,"baseSeverity":421,"vectorString":123,"impactScore":422,"exploitabilityScore":423},{"source":129,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":431,"cvss_v4_0":9},{"baseScore":120,"baseSeverity":9,"vectorString":123,"impactScore":422,"exploitabilityScore":423},[433,446,453,462],{"ecosystem":434,"name":435,"vendor":436,"product":437,"cpe_part":9,"purl_type":438,"purl_namespace":436,"purl_name":437,"source":9,"versions":439},"Maven","org.nokogiri:nekohtml","org.nokogiri","nekohtml","maven",[440],{"version":441,"is_range":442,"range_type":443,"version_start":9,"version_start_type":9,"version_end":444,"version_end_type":445,"fixed_in":9},"lt1_9_22_noko2",true,"ecosystem","1.9.22.noko2","excluding",{"ecosystem":9,"name":437,"vendor":447,"product":437,"cpe_part":448,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":449},"nekohtml_project","a",[450],{"version":451,"is_range":442,"range_type":452,"version_start":9,"version_start_type":9,"version_end":444,"version_end_type":445,"fixed_in":9},"lt1.9.22.noko2","cpe",{"ecosystem":9,"name":454,"vendor":9,"product":454,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":455},"WebLogic Server",[456,458,460],{"version":457,"is_range":116,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.2.1.3.0",{"version":459,"is_range":116,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.2.1.4.0",{"version":461,"is_range":116,"range_type":452,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.1.1.0.0",{"ecosystem":9,"name":437,"vendor":463,"product":437,"cpe_part":448,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":464},"sparklemotion",[465],{"version":466,"is_range":442,"range_type":122,"version_start":9,"version_start_type":9,"version_end":444,"version_end_type":445,"fixed_in":9},"\u003C 1.9.22.noko2"]