[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2007-4559":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":50,"duplicate_of":9,"upstream":51,"downstream":52,"duplicates":117,"related":118,"reserved_at":9,"published_at":148,"modified_at":149,"state":150,"summary":151,"references_raw":158,"kevs":214,"epss":215,"epss_history":218,"metrics":440,"affected":452},"CVE-2007-4559","Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_BE4CF04335181A96","Exploit Reference (mail.python.org)","reference","http://mail.python.org/pipermail/python-dev/2007-August/074292.html","unknown",0.2,false,[],[],[],[53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115],{"_key":54},"SUSE-SU-2023:2778-1",{"_key":56},"OPENSUSE-SU-2024:12976-1",{"_key":58},"OPENSUSE-SU-2025:15104-1",{"_key":60},"SUSE-SU-2023:2473-1",{"_key":62},"SUSE-SU-2023:2509-1",{"_key":64},"SUSE-SU-2023:2463-1",{"_key":66},"SUSE-SU-2023:2517-1",{"_key":68},"SUSE-SU-2023:2641-1",{"_key":70},"SUSE-SU-2023:2884-1",{"_key":72},"SUSE-SU-2023:2937-1",{"_key":74},"SUSE-SU-2023:2957-1",{"_key":76},"OPENSUSE-SU-2024:12684-1",{"_key":78},"OPENSUSE-SU-2024:12947-1",{"_key":80},"OPENSUSE-SU-2024:12964-1",{"_key":82},"OPENSUSE-SU-2024:12977-1",{"_key":84},"OPENSUSE-SU-2024:13071-1",{"_key":86},"SUSE-SU-2026:0210-1",{"_key":88},"UBUNTU-CVE-2007-4559",{"_key":90},"RHSA-2023:6324",{"_key":92},"RHSA-2023:6494",{"_key":94},"RHSA-2023:6659",{"_key":96},"RHSA-2023:6694",{"_key":98},"RHSA-2023:6793",{"_key":100},"RHSA-2023:6914",{"_key":102},"RHSA-2023:7024",{"_key":104},"RHSA-2023:7034",{"_key":106},"RHSA-2023:7050",{"_key":108},"RHSA-2023:7151",{"_key":110},"RHSA-2023:7176",{"_key":112},"RHSA-2024:0374",{"_key":114},"RHSA-2024:0430",{"_key":116},"RHSA-2024:0587",[],[119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,138,140,142,144,146],{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},{"_key":78},{"_key":80},{"_key":82},{"_key":84},{"_key":86},{"_key":137},"CGA-6CXP-QQQ9-5MQ3",{"_key":139},"CGA-966X-PPQQ-MP9W",{"_key":141},"CGA-C5PX-86G5-RX2P",{"_key":143},"CGA-H6QQ-2P9F-RRPX",{"_key":145},"CGA-WMG2-C3FJ-MPMV",{"_key":147},"CGA-W27G-MVVC-9237","2007-08-28T00:00:00.000Z","2025-01-17T14:48:23.199Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":152,"epss_score":153,"severity":152,"severity_score":154,"severity_version":155,"severity_source":156,"severity_vector":157,"severity_status":150},"critical",0.89361,9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[159,166,171,176,182,186,190,194,198,202,206,210],{"url":160,"sources":161,"tags":163},"http://secunia.com/advisories/26623",[156,162],"nvd",[164,165],"Third Party Advisory","Broken Link",{"url":167,"sources":168,"tags":169},"http://www.vupen.com/english/advisories/2007/3022",[156,162],[170,165],"VDB Entry",{"url":172,"sources":173,"tags":174},"https://bugzilla.redhat.com/show_bug.cgi?id=263261",[156,162],[175],"Issue Tracking",{"url":177,"sources":178,"tags":179},"http://mail.python.org/pipermail/python-dev/2007-August/074290.html",[156,162],[180,181],"Mailing List","Vendor Advisory",{"url":45,"sources":183,"tags":184},[156,162],[180,185],"Exploit",{"url":187,"sources":188,"tags":189},"https://security.gentoo.org/glsa/202309-06",[156,162],[181],{"url":191,"sources":192,"tags":193},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/",[156,162],[181],{"url":195,"sources":196,"tags":197},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/",[156,162],[181],{"url":199,"sources":200,"tags":201},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/",[156,162],[181],{"url":203,"sources":204,"tags":205},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/",[156,162],[],{"url":207,"sources":208,"tags":209},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/",[156,162],[],{"url":211,"sources":212,"tags":213},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/",[156,162],[],[],{"date":216,"score":153,"percentile":217},"2026-06-04",0.9956,[219,223,226,228,230,233,235,237,241,244,246,248,250,252,254,257,259,261,263,265,267,269,271,273,275,277,279,281,285,288,290,293,295,298,300,303,305,308,310,313,315,317,319,322,325,329,331,333,335,338,341,343,345,347,351,353,355,357,359,363,365,369,373,375,377,380,382,384,387,389,391,393,395,398,400,403,406,408,410,412,414,417,419,421,425,427,429,431,433,436],{"date":220,"score":221,"percentile":222},"2025-11-04",0.88553,0.99469,{"date":224,"score":221,"percentile":225},"2025-11-05",0.9947,{"date":227,"score":221,"percentile":225},"2025-11-06",{"date":229,"score":221,"percentile":225},"2025-11-07",{"date":231,"score":221,"percentile":232},"2025-11-08",0.99468,{"date":234,"score":221,"percentile":232},"2025-11-09",{"date":236,"score":221,"percentile":232},"2025-11-10",{"date":238,"score":239,"percentile":240},"2025-11-11",0.89294,0.99509,{"date":242,"score":239,"percentile":243},"2025-11-12",0.9951,{"date":245,"score":239,"percentile":243},"2025-11-13",{"date":247,"score":239,"percentile":243},"2025-11-14",{"date":249,"score":239,"percentile":243},"2025-11-15",{"date":251,"score":239,"percentile":243},"2025-11-16",{"date":253,"score":239,"percentile":243},"2025-11-17",{"date":255,"score":239,"percentile":256},"2025-11-18",0.99631,{"date":258,"score":239,"percentile":256},"2025-11-19",{"date":260,"score":239,"percentile":256},"2025-11-20",{"date":262,"score":239,"percentile":240},"2025-11-21",{"date":264,"score":239,"percentile":240},"2025-11-22",{"date":266,"score":239,"percentile":240},"2025-11-23",{"date":268,"score":239,"percentile":240},"2025-11-24",{"date":270,"score":239,"percentile":240},"2025-11-25",{"date":272,"score":239,"percentile":240},"2025-11-26",{"date":274,"score":239,"percentile":243},"2025-11-27",{"date":276,"score":239,"percentile":243},"2025-11-28",{"date":278,"score":239,"percentile":243},"2025-11-29",{"date":280,"score":239,"percentile":243},"2025-11-30",{"date":282,"score":283,"percentile":284},"2025-12-01",0.85742,0.99343,{"date":286,"score":283,"percentile":287},"2025-12-02",0.99344,{"date":289,"score":283,"percentile":284},"2025-12-03",{"date":291,"score":239,"percentile":292},"2025-12-04",0.99512,{"date":294,"score":239,"percentile":292},"2025-12-05",{"date":296,"score":239,"percentile":297},"2025-12-06",0.99513,{"date":299,"score":239,"percentile":297},"2025-12-07",{"date":301,"score":239,"percentile":302},"2025-12-08",0.99515,{"date":304,"score":239,"percentile":302},"2025-12-09",{"date":306,"score":239,"percentile":307},"2025-12-10",0.99516,{"date":309,"score":239,"percentile":307},"2025-12-11",{"date":311,"score":239,"percentile":312},"2025-12-12",0.99517,{"date":314,"score":239,"percentile":312},"2025-12-13",{"date":316,"score":239,"percentile":312},"2025-12-14",{"date":318,"score":239,"percentile":312},"2025-12-15",{"date":320,"score":239,"percentile":321},"2025-12-16",0.99518,{"date":323,"score":239,"percentile":324},"2025-12-17",0.99519,{"date":326,"score":327,"percentile":328},"2025-12-18",0.88814,0.99491,{"date":330,"score":327,"percentile":328},"2025-12-19",{"date":332,"score":327,"percentile":328},"2025-12-20",{"date":334,"score":327,"percentile":328},"2025-12-21",{"date":336,"score":327,"percentile":337},"2025-12-22",0.99493,{"date":339,"score":327,"percentile":340},"2025-12-23",0.99492,{"date":342,"score":327,"percentile":337},"2025-12-24",{"date":344,"score":327,"percentile":340},"2025-12-25",{"date":346,"score":327,"percentile":340},"2025-12-26",{"date":348,"score":349,"percentile":350},"2025-12-27",0.89308,0.9952,{"date":352,"score":327,"percentile":328},"2025-12-28",{"date":354,"score":327,"percentile":328},"2025-12-29",{"date":356,"score":327,"percentile":328},"2025-12-30",{"date":358,"score":327,"percentile":340},"2025-12-31",{"date":360,"score":361,"percentile":362},"2026-01-01",0.84887,0.99321,{"date":364,"score":361,"percentile":362},"2026-01-02",{"date":366,"score":367,"percentile":368},"2026-01-03",0.85081,0.99329,{"date":370,"score":371,"percentile":372},"2026-01-04",0.88929,0.99498,{"date":374,"score":371,"percentile":372},"2026-01-05",{"date":376,"score":371,"percentile":372},"2026-01-06",{"date":378,"score":371,"percentile":379},"2026-01-07",0.99499,{"date":381,"score":371,"percentile":379},"2026-01-08",{"date":383,"score":371,"percentile":379},"2026-01-09",{"date":385,"score":371,"percentile":386},"2026-01-10",0.995,{"date":388,"score":371,"percentile":386},"2026-01-11",{"date":390,"score":371,"percentile":386},"2026-01-12",{"date":392,"score":371,"percentile":386},"2026-01-13",{"date":394,"score":371,"percentile":386},"2026-01-14",{"date":396,"score":371,"percentile":397},"2026-01-15",0.99502,{"date":399,"score":371,"percentile":397},"2026-01-16",{"date":401,"score":371,"percentile":402},"2026-01-17",0.99504,{"date":404,"score":371,"percentile":405},"2026-01-18",0.99505,{"date":407,"score":371,"percentile":405},"2026-01-19",{"date":409,"score":371,"percentile":405},"2026-01-20",{"date":411,"score":371,"percentile":405},"2026-01-21",{"date":413,"score":371,"percentile":405},"2026-01-22",{"date":415,"score":371,"percentile":416},"2026-01-23",0.99506,{"date":418,"score":371,"percentile":416},"2026-01-24",{"date":420,"score":371,"percentile":405},"2026-01-25",{"date":422,"score":423,"percentile":424},"2026-01-26",0.90582,0.99593,{"date":426,"score":423,"percentile":424},"2026-01-27",{"date":428,"score":423,"percentile":424},"2026-01-28",{"date":430,"score":423,"percentile":424},"2026-01-29",{"date":432,"score":423,"percentile":424},"2026-01-30",{"date":434,"score":423,"percentile":435},"2026-01-31",0.99594,{"date":437,"score":438,"percentile":439},"2026-02-01",0.87871,0.99465,[441,445],{"source":156,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":442,"cvss_v4_0":9},{"baseScore":154,"baseSeverity":443,"vectorString":157,"impactScore":154,"exploitabilityScore":444},"CRITICAL",10,{"source":162,"cvss_v2_0":446,"cvss_v3_0":9,"cvss_v3_1":451,"cvss_v4_0":9},{"baseScore":447,"baseSeverity":9,"vectorString":448,"impactScore":449,"exploitabilityScore":450},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":154,"baseSeverity":443,"vectorString":157,"impactScore":154,"exploitabilityScore":444},[453],{"ecosystem":9,"name":454,"vendor":454,"product":454,"cpe_part":455,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":456},"python","a",[457,463,468,472,476],{"version":458,"is_range":459,"range_type":460,"version_start":9,"version_start_type":9,"version_end":461,"version_end_type":462,"fixed_in":9},"lt3.6.16",true,"cpe","3.6.16","excluding",{"version":464,"is_range":459,"range_type":460,"version_start":465,"version_start_type":466,"version_end":467,"version_end_type":462,"fixed_in":9},"gte3.7.0_lt3.8.17","3.7.0","including","3.8.17",{"version":469,"is_range":459,"range_type":460,"version_start":470,"version_start_type":466,"version_end":471,"version_end_type":462,"fixed_in":9},"gte3.9.0_lt3.9.17","3.9.0","3.9.17",{"version":473,"is_range":459,"range_type":460,"version_start":474,"version_start_type":466,"version_end":475,"version_end_type":462,"fixed_in":9},"gte3.10.0_lt3.10.12","3.10.0","3.10.12",{"version":477,"is_range":459,"range_type":460,"version_start":478,"version_start_type":466,"version_end":479,"version_end_type":462,"fixed_in":9},"gte3.11.0_lt3.11.4","3.11.0","3.11.4"]