htacg CVE Vulnerabilities & Metrics

Focus on htacg vulnerabilities and metrics.

Last updated: 26 Nov 2025, 23:25 UTC

About htacg Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with htacg. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total htacg CVEs: 6
Earliest CVE date: 11 Aug 2015, 14:59 UTC
Latest CVE date: 23 Jun 2025, 02:15 UTC

Latest CVE reference: CVE-2025-6498

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical htacg CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.8

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	4
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS htacg CVEs

These are the five CVEs with the highest CVSS scores for htacg, sorted by severity first and recency.

CVE-2015-5522 htacg Published on 11 Aug 2015, 14:59 UTC (CVSS: 6.8)
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
CVE-2017-17497 htacg Published on 10 Dec 2017, 22:29 UTC (CVSS: 5.0)
In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.
CVE-2017-13692 htacg Published on 25 Aug 2017, 08:29 UTC (CVSS: 5.0)
In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.
CVE-2015-5523 htacg Published on 11 Aug 2015, 14:59 UTC (CVSS: 4.3)
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
CVE-2025-6498 htacg Published on 23 Jun 2025, 02:15 UTC (CVSS: 1.7)
A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

All CVEs for htacg

CVE-2025-6498 htacg vulnerability CVSS: 1.7 23 Jun 2025, 02:15 UTC

A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

CVE-2021-33391 htacg vulnerability CVSS: 0 17 Feb 2023, 18:15 UTC

An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.

CVE-2017-17497 htacg vulnerability CVSS: 5.0 10 Dec 2017, 22:29 UTC

In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.

CVE-2017-13692 htacg vulnerability CVSS: 5.0 25 Aug 2017, 08:29 UTC

In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.

CVE-2015-5523 htacg vulnerability CVSS: 4.3 11 Aug 2015, 14:59 UTC

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

CVE-2015-5522 htacg vulnerability CVSS: 6.8 11 Aug 2015, 14:59 UTC

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.