[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2009-3560":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":78,"duplicate_of":9,"upstream":79,"downstream":80,"duplicates":101,"related":102,"reserved_at":9,"published_at":107,"modified_at":108,"state":109,"summary":110,"references_raw":118,"kevs":377,"epss":378,"epss_history":381,"metrics":639,"affected":644},"CVE-2009-3560","The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[69],{"_key":70,"name":71,"source":72,"url":73,"maturity":74,"reliability_score":75,"verified":76,"type":9,"platforms":77,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_A36C0D60C5326AA7","Exploit Reference (mail.python.org)","reference","http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html","unknown",0.2,false,[],[],[],[81,83,85,87,89,91,93,95,97,99],{"_key":82},"RHSA-2009:1625",{"_key":84},"OPENSUSE-SU-2024:10077-1",{"_key":86},"OPENSUSE-SU-2024:10268-1",{"_key":88},"OPENSUSE-SU-2024:10568-1",{"_key":90},"OPENSUSE-SU-2024:11586-1",{"_key":92},"DSA-1953-1",{"_key":94},"DSA-1953-2",{"_key":96},"DSA-1977-1",{"_key":98},"DEBIAN-CVE-2009-3560",{"_key":100},"UBUNTU-CVE-2009-3560",[],[103,104,105,106],{"_key":84},{"_key":86},{"_key":88},{"_key":90},"2009-12-04T21:00:00.000Z","2024-08-07T06:31:10.684Z","Modified",{"cisa_kev":76,"cisa_ransomware":76,"cisa_vendor":9,"epss_severity":111,"epss_score":112,"severity":113,"severity_score":114,"severity_version":115,"severity_source":116,"severity_vector":117,"severity_status":109},"low",0.03008,"medium",5,"v2.0","nvd","AV:N/AC:L/Au:N/C:N/I:N/A:P",[119,126,134,139,145,151,156,160,165,170,175,179,184,190,194,198,202,206,211,215,219,223,227,233,237,241,245,249,253,257,261,265,270,274,279,284,288,293,297,301,305,309,313,317,321,325,329,333,337,341,345,349,353,357,361,365,369,373],{"url":120,"sources":121,"tags":123},"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165",[122,116],"cve.org",[124,125],"X Refsource CONFIRM","Permissions Required",{"url":127,"sources":128,"tags":129},"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026",[122,116],[130,131,132,133],"Vendor Advisory","X Refsource SLACKWARE","Mailing List","Third Party Advisory",{"url":135,"sources":136,"tags":137},"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html",[122,116],[130,138,132,133],"X Refsource FEDORA",{"url":140,"sources":141,"tags":142},"http://secunia.com/advisories/38832",[122,116],[133,143,144],"X Refsource SECUNIA","Broken Link",{"url":146,"sources":147,"tags":148},"http://www.securitytracker.com/id?1023278",[122,116],[149,150,133],"VDB Entry","X Refsource SECTRACK",{"url":152,"sources":153,"tags":154},"http://www.ubuntu.com/usn/USN-890-1",[122,116],[130,155,133,149],"X Refsource UBUNTU",{"url":157,"sources":158,"tags":159},"http://secunia.com/advisories/38794",[122,116],[133,143,144],{"url":161,"sources":162,"tags":163},"http://lists.vmware.com/pipermail/security-announce/2010/000082.html",[122,116],[132,164,144],"X Refsource MLIST",{"url":166,"sources":167,"tags":168},"http://www.vupen.com/english/advisories/2010/1107",[122,116],[149,169,144],"X Refsource VUPEN",{"url":171,"sources":172,"tags":173},"http://www.debian.org/security/2009/dsa-1953",[122,116],[130,174,133],"X Refsource DEBIAN",{"url":176,"sources":177,"tags":178},"http://secunia.com/advisories/41701",[122,116],[133,143,144],{"url":180,"sources":181,"tags":182},"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",[122,116],[130,183,133,149],"X Refsource SUSE",{"url":185,"sources":186,"tags":187},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6883",[122,116],[149,188,189,144],"Signature","X Refsource OVAL",{"url":191,"sources":192,"tags":193},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12942",[122,116],[149,188,189,144],{"url":195,"sources":196,"tags":197},"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",[122,116],[130,183,133,149],{"url":73,"sources":199,"tags":200},[122,116],[132,164,201],"Exploit",{"url":203,"sources":204,"tags":205},"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html",[122,116],[130,183,133],{"url":207,"sources":208,"tags":209},"http://www.securityfocus.com/bid/37203",[122,116],[149,210,133],"X Refsource BID",{"url":212,"sources":213,"tags":214},"http://www.ubuntu.com/usn/USN-890-6",[122,116],[130,155,133],{"url":216,"sources":217,"tags":218},"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165",[122,116],[124,144],{"url":220,"sources":221,"tags":222},"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html",[122,116],[130,138,132,133],{"url":224,"sources":225,"tags":226},"http://secunia.com/advisories/38231",[122,116],[133,143,144],{"url":228,"sources":229,"tags":230},"https://bugzilla.redhat.com/show_bug.cgi?id=533174",[122,116],[124,231,232],"Issue Tracking","Patch",{"url":234,"sources":235,"tags":236},"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",[122,116],[130,183,133,149],{"url":238,"sources":239,"tags":240},"http://secunia.com/advisories/38834",[122,116],[133,143,144],{"url":242,"sources":243,"tags":244},"http://secunia.com/advisories/39478",[122,116],[133,143,144],{"url":246,"sources":247,"tags":248},"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00394.html",[122,116],[130,138,132,133],{"url":250,"sources":251,"tags":252},"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",[122,116],[130,183,133,149],{"url":254,"sources":255,"tags":256},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10613",[122,116],[149,188,189,144],{"url":258,"sources":259,"tags":260},"http://secunia.com/advisories/37537",[122,116],[133,143,144],{"url":262,"sources":263,"tags":264},"http://secunia.com/advisories/43300",[122,116],[133,143,144],{"url":266,"sources":267,"tags":268},"http://www.redhat.com/support/errata/RHSA-2011-0896.html",[122,116],[130,269,144],"X Refsource REDHAT",{"url":271,"sources":272,"tags":273},"http://www.vupen.com/english/advisories/2010/0896",[122,116],[149,169,144],{"url":275,"sources":276,"tags":277},"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1",[122,116],[130,278,132,133],"X Refsource SUNALERT",{"url":280,"sources":281,"tags":282},"http://marc.info/?l=bugtraq&m=130168502603566&w=2",[122,116],[130,283,132,133],"X Refsource HP",{"url":285,"sources":286,"tags":287},"http://www.vupen.com/english/advisories/2011/0359",[122,116],[149,169,144],{"url":289,"sources":290,"tags":291},"http://www.mandriva.com/security/advisories?name=MDVSA-2009:316",[122,116],[130,292,144],"X Refsource MANDRIVA",{"url":294,"sources":295,"tags":296},"http://www.vupen.com/english/advisories/2010/0528",[122,116],[149,169,144],{"url":298,"sources":299,"tags":300},"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":302,"sources":303,"tags":304},"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":306,"sources":307,"tags":308},"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":310,"sources":311,"tags":312},"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":314,"sources":315,"tags":316},"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":318,"sources":319,"tags":320},"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":322,"sources":323,"tags":324},"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":326,"sources":327,"tags":328},"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":330,"sources":331,"tags":332},"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":334,"sources":335,"tags":336},"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":338,"sources":339,"tags":340},"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":342,"sources":343,"tags":344},"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":346,"sources":347,"tags":348},"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":350,"sources":351,"tags":352},"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":354,"sources":355,"tags":356},"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":358,"sources":359,"tags":360},"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":362,"sources":363,"tags":364},"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":366,"sources":367,"tags":368},"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":370,"sources":371,"tags":372},"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],{"url":374,"sources":375,"tags":376},"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",[122,116],[132,164],[],{"date":379,"score":112,"percentile":380},"2026-06-04",0.86837,[382,386,389,392,395,398,400,403,406,409,412,415,417,420,423,426,429,432,435,437,440,443,445,447,449,452,455,458,462,465,468,470,473,476,479,481,484,487,490,493,496,499,502,504,506,508,511,514,517,519,522,525,528,531,535,538,541,544,547,550,553,556,559,562,565,567,570,572,575,578,580,583,586,589,592,595,598,601,603,606,609,612,615,618,621,624,627,630,633,636],{"date":383,"score":384,"percentile":385},"2025-11-04",0.0283,0.8567,{"date":387,"score":384,"percentile":388},"2025-11-05",0.85674,{"date":390,"score":384,"percentile":391},"2025-11-06",0.85678,{"date":393,"score":384,"percentile":394},"2025-11-07",0.85687,{"date":396,"score":384,"percentile":397},"2025-11-08",0.85691,{"date":399,"score":384,"percentile":394},"2025-11-09",{"date":401,"score":384,"percentile":402},"2025-11-10",0.85685,{"date":404,"score":384,"percentile":405},"2025-11-11",0.85689,{"date":407,"score":384,"percentile":408},"2025-11-12",0.85701,{"date":410,"score":384,"percentile":411},"2025-11-13",0.85708,{"date":413,"score":384,"percentile":414},"2025-11-14",0.85709,{"date":416,"score":384,"percentile":408},"2025-11-15",{"date":418,"score":384,"percentile":419},"2025-11-16",0.85699,{"date":421,"score":384,"percentile":422},"2025-11-17",0.85684,{"date":424,"score":384,"percentile":425},"2025-11-18",0.84907,{"date":427,"score":384,"percentile":428},"2025-11-19",0.84908,{"date":430,"score":384,"percentile":431},"2025-11-20",0.84914,{"date":433,"score":384,"percentile":434},"2025-11-21",0.85692,{"date":436,"score":384,"percentile":405},"2025-11-22",{"date":438,"score":384,"percentile":439},"2025-11-23",0.8568,{"date":441,"score":384,"percentile":442},"2025-11-24",0.85681,{"date":444,"score":384,"percentile":391},"2025-11-25",{"date":446,"score":384,"percentile":439},"2025-11-26",{"date":448,"score":384,"percentile":439},"2025-11-27",{"date":450,"score":384,"percentile":451},"2025-11-28",0.85658,{"date":453,"score":384,"percentile":454},"2025-11-29",0.85712,{"date":456,"score":384,"percentile":457},"2025-11-30",0.85711,{"date":459,"score":460,"percentile":461},"2025-12-01",0.00783,0.73077,{"date":463,"score":460,"percentile":464},"2025-12-02",0.73088,{"date":466,"score":460,"percentile":467},"2025-12-03",0.73087,{"date":469,"score":384,"percentile":457},"2025-12-04",{"date":471,"score":384,"percentile":472},"2025-12-05",0.85715,{"date":474,"score":384,"percentile":475},"2025-12-06",0.8571,{"date":477,"score":384,"percentile":478},"2025-12-07",0.85698,{"date":480,"score":384,"percentile":478},"2025-12-08",{"date":482,"score":384,"percentile":483},"2025-12-09",0.85707,{"date":485,"score":384,"percentile":486},"2025-12-10",0.85728,{"date":488,"score":384,"percentile":489},"2025-12-11",0.85733,{"date":491,"score":384,"percentile":492},"2025-12-12",0.85734,{"date":494,"score":384,"percentile":495},"2025-12-13",0.85729,{"date":497,"score":384,"percentile":498},"2025-12-14",0.85722,{"date":500,"score":384,"percentile":501},"2025-12-15",0.85717,{"date":503,"score":384,"percentile":498},"2025-12-16",{"date":505,"score":384,"percentile":486},"2025-12-17",{"date":507,"score":384,"percentile":492},"2025-12-18",{"date":509,"score":384,"percentile":510},"2025-12-19",0.85738,{"date":512,"score":384,"percentile":513},"2025-12-20",0.85735,{"date":515,"score":384,"percentile":516},"2025-12-21",0.85737,{"date":518,"score":384,"percentile":513},"2025-12-22",{"date":520,"score":384,"percentile":521},"2025-12-23",0.8574,{"date":523,"score":384,"percentile":524},"2025-12-24",0.85744,{"date":526,"score":384,"percentile":527},"2025-12-25",0.8576,{"date":529,"score":384,"percentile":530},"2025-12-26",0.85761,{"date":532,"score":533,"percentile":534},"2025-12-27",0.02961,0.86102,{"date":536,"score":384,"percentile":537},"2025-12-28",0.85753,{"date":539,"score":384,"percentile":540},"2025-12-29",0.85748,{"date":542,"score":384,"percentile":543},"2025-12-30",0.85754,{"date":545,"score":384,"percentile":546},"2025-12-31",0.85764,{"date":548,"score":460,"percentile":549},"2026-01-01",0.73328,{"date":551,"score":460,"percentile":552},"2026-01-02",0.73326,{"date":554,"score":460,"percentile":555},"2026-01-03",0.73325,{"date":557,"score":384,"percentile":558},"2026-01-04",0.85763,{"date":560,"score":384,"percentile":561},"2026-01-05",0.85762,{"date":563,"score":384,"percentile":564},"2026-01-06",0.85765,{"date":566,"score":384,"percentile":546},"2026-01-07",{"date":568,"score":384,"percentile":569},"2026-01-08",0.85774,{"date":571,"score":384,"percentile":569},"2026-01-09",{"date":573,"score":384,"percentile":574},"2026-01-10",0.8577,{"date":576,"score":384,"percentile":577},"2026-01-11",0.85766,{"date":579,"score":384,"percentile":561},"2026-01-12",{"date":581,"score":384,"percentile":582},"2026-01-13",0.85756,{"date":584,"score":384,"percentile":585},"2026-01-14",0.85772,{"date":587,"score":384,"percentile":588},"2026-01-15",0.85771,{"date":590,"score":384,"percentile":591},"2026-01-16",0.85778,{"date":593,"score":384,"percentile":594},"2026-01-17",0.8578,{"date":596,"score":384,"percentile":597},"2026-01-18",0.85779,{"date":599,"score":384,"percentile":600},"2026-01-19",0.85777,{"date":602,"score":384,"percentile":597},"2026-01-20",{"date":604,"score":384,"percentile":605},"2026-01-21",0.85784,{"date":607,"score":384,"percentile":608},"2026-01-22",0.85789,{"date":610,"score":384,"percentile":611},"2026-01-23",0.85801,{"date":613,"score":384,"percentile":614},"2026-01-24",0.85809,{"date":616,"score":384,"percentile":617},"2026-01-25",0.85805,{"date":619,"score":384,"percentile":620},"2026-01-26",0.85803,{"date":622,"score":384,"percentile":623},"2026-01-27",0.85808,{"date":625,"score":384,"percentile":626},"2026-01-28",0.85813,{"date":628,"score":384,"percentile":629},"2026-01-29",0.85815,{"date":631,"score":384,"percentile":632},"2026-01-30",0.85816,{"date":634,"score":384,"percentile":635},"2026-01-31",0.8582,{"date":637,"score":460,"percentile":638},"2026-02-01",0.73397,[640],{"source":116,"cvss_v2_0":641,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":114,"baseSeverity":9,"vectorString":117,"impactScore":642,"exploitabilityScore":643},2.9,10,[645,660],{"ecosystem":9,"name":646,"vendor":9,"product":646,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":647},"HTTP Server",[648,656],{"version":649,"is_range":650,"range_type":651,"version_start":652,"version_start_type":653,"version_end":654,"version_end_type":655,"fixed_in":9},"gte2.0.35_lt2.0.64",true,"cpe","2.0.35","including","2.0.64","excluding",{"version":657,"is_range":650,"range_type":651,"version_start":658,"version_start_type":653,"version_end":659,"version_end_type":655,"fixed_in":9},"gte2.2.0_lt2.2.17","2.2.0","2.2.17",{"ecosystem":9,"name":661,"vendor":662,"product":661,"cpe_part":663,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":664},"libexpat","libexpat_project","a",[665],{"version":666,"is_range":76,"range_type":651,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0.1"]