From 30a801a9ff32d83b754ab62be3c0f4a93a3307a2 Mon Sep 17 00:00:00 2001
From: Henrique Cabral
Date: Thu, 5 Mar 2026 18:13:33 -0300
Subject: [PATCH 1/2] New Vuln in libxmljs
---
 input/new.json | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/input/new.json b/input/new.json
index 87646b9a..e287a983 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,15 +1,17 @@
 {
- "package_name": "",
+ "package_name": "libxmljs",
 "patch_versions": [],
- "vulnerable_ranges": [],
- "cwe": [],
- "tldr": "",
- "doest_this_affect_me": "",
- "how_to_fix": "",
- "vulnerable_to": "",
- "related_cve_id": "",
- "language": "",
- "severity_class": "",
- "aikido_score": 0,
- "changelog": ""
+ "vulnerable_ranges": "*",
+ "cwe": [
+ "CWE-843"
+ ],
+ "tldr": "Affected versions of this package contain a type confusion vulnerability when parsing specially crafted XML and invoking the `namespaces()` function on a grand-child node that references an entity. The underlying `_wrap__xmlNode_nsDef_get()` call may incorrectly interpret memory structures, leading to memory corruption. An attacker could provide a malicious XML payload that triggers this condition during parsing, potentially causing denial of service or remote code execution if memory corruption is exploited. Notably, this issue has remained open for years and the package appears to be unmaintained or no longer actively updated, which increases the risk of continued exposure.",
+ "doest_this_affect_me": "You are affected if you are using this package.",
+ "how_to_fix": "Remove any `libxmljs` package from your application. Please take a look at `libxml2-wasm` instead.",
+ "vulnerable_to": "Type Confusion",
+ "related_cve_id": "GHSA-mg49-jqgw-gcj6",
+ "language": "JS",
+ "severity_class": "CRITICAL",
+ "aikido_score": 93,
+ "changelog": "https://github.com/libxmljs/libxmljs/issues/646"
 }
From 3235343c3af46f6d289e47100060274bf90aca4c Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 5 Mar 2026 21:17:32 +0000
Subject: [PATCH 2/2] Move new vulnerability to vulnerabilities/AIKIDO-2026-10301.json and reset new.json template
---
 input/new.json | 26 ++++++++++++--------------
 vulnerabilities/AIKIDO-2026-10301.json | 19 +++++++++++++++++++
 2 files changed, 31 insertions(+), 14 deletions(-)
 create mode 100644 vulnerabilities/AIKIDO-2026-10301.json
diff --git a/input/new.json b/input/new.json
index e287a983..87646b9a 100644
--- a/input/new.json
+++ b/input/new.json
@@ -1,17 +1,15 @@
 {
- "package_name": "libxmljs",
+ "package_name": "",
 "patch_versions": [],
- "vulnerable_ranges": "*",
- "cwe": [
- "CWE-843"
- ],
- "tldr": "Affected versions of this package contain a type confusion vulnerability when parsing specially crafted XML and invoking the `namespaces()` function on a grand-child node that references an entity. The underlying `_wrap__xmlNode_nsDef_get()` call may incorrectly interpret memory structures, leading to memory corruption. An attacker could provide a malicious XML payload that triggers this condition during parsing, potentially causing denial of service or remote code execution if memory corruption is exploited. Notably, this issue has remained open for years and the package appears to be unmaintained or no longer actively updated, which increases the risk of continued exposure.",
- "doest_this_affect_me": "You are affected if you are using this package.",
- "how_to_fix": "Remove any `libxmljs` package from your application. Please take a look at `libxml2-wasm` instead.",
- "vulnerable_to": "Type Confusion",
- "related_cve_id": "GHSA-mg49-jqgw-gcj6",
- "language": "JS",
- "severity_class": "CRITICAL",
- "aikido_score": 93,
- "changelog": "https://github.com/libxmljs/libxmljs/issues/646"
+ "vulnerable_ranges": [],
+ "cwe": [],
+ "tldr": "",
+ "doest_this_affect_me": "",
+ "how_to_fix": "",
+ "vulnerable_to": "",
+ "related_cve_id": "",
+ "language": "",
+ "severity_class": "",
+ "aikido_score": 0,
+ "changelog": ""
 }
diff --git a/vulnerabilities/AIKIDO-2026-10301.json b/vulnerabilities/AIKIDO-2026-10301.json
new file mode 100644
index 00000000..f3b82295
--- /dev/null
+++ b/vulnerabilities/AIKIDO-2026-10301.json
@@ -0,0 +1,19 @@
+{
+ "package_name": "libxmljs",
+ "patch_versions": [],
+ "vulnerable_ranges": "*",
+ "cwe": [
+ "CWE-843"
+ ],
+ "tldr": "Affected versions of this package contain a type confusion vulnerability when parsing specially crafted XML and invoking the `namespaces()` function on a grand-child node that references an entity. The underlying `_wrap__xmlNode_nsDef_get()` call may incorrectly interpret memory structures, leading to memory corruption. An attacker could provide a malicious XML payload that triggers this condition during parsing, potentially causing denial of service or remote code execution if memory corruption is exploited. Notably, this issue has remained open for years and the package appears to be unmaintained or no longer actively updated, which increases the risk of continued exposure.",
+ "doest_this_affect_me": "You are affected if you are using this package.",
+ "how_to_fix": "Remove any `libxmljs` package from your application. Please take a look at `libxml2-wasm` instead.",
+ "vulnerable_to": "Type Confusion",
+ "related_cve_id": "GHSA-mg49-jqgw-gcj6",
+ "language": "JS",
+ "severity_class": "CRITICAL",
+ "aikido_score": 93,
+ "changelog": "https://github.com/libxmljs/libxmljs/issues/646",
+ "last_modified": "2026-03-05",
+ "published": "2026-03-05"
+}
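Review bot: `"vulnerable_ranges": "*"` is a bare string, while the template in input/new.json declares the field as an array (`"vulnerable_ranges": []`), so a consumer that iterates the value may treat this record differently from the others; for an advisory with an empty `patch_versions`, a range that fails to match would be a silent miss. If the schema does expect an array, `"vulnerable_ranges": ["*"]` (or whatever element shape the other records use) keeps the type stable; the same value was first entered in the input/new.json hunk of patch 1/2. Separately, `doest_this_affect_me` says any use of the package is affected, whereas the `tldr` ties the fault to calling `namespaces()` on nodes from crafted XML, so naming that condition (parsing untrusted XML and calling `namespaces()`) would help triage. `related_cve_id` holds a GHSA identifier rather than a CVE, which is worth confirming against how consumers key on that field.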