[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2014-4616":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":34,"duplicate_of":9,"upstream":37,"downstream":38,"duplicates":57,"related":58,"reserved_at":9,"published_at":61,"modified_at":62,"state":63,"summary":64,"references_raw":72,"kevs":135,"epss":136,"epss_history":139,"metrics":406,"affected":420},"CVE-2014-4616","Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-129","Improper Validation of Array Index","The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.","weakness","Draft","Variant","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-100","Overflow Buffers",[],[25],{"_key":26,"name":27,"source":28,"url":29,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":33,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_0409369A7448095E","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/12297","unknown",0.2,false,[],[35,36],"GHSA-9772-cwx9-r4cj","PSF-2017-1",[],[39,41,43,45,47,49,51,53,55],{"_key":40},"ALPINE-CVE-2014-4616",{"_key":42},"MGASA-2014-0285",{"_key":44},"MGASA-2014-0286",{"_key":46},"UBUNTU-CVE-2014-4616",{"_key":48},"USN-2653-1",{"_key":50},"DEBIAN-CVE-2014-4616",{"_key":52},"RHEA-2014:1175",{"_key":54},"RHSA-2015:1064",{"_key":56},"RHSA-2015:2101",[],[59,60],{"_key":42},{"_key":44},"2017-08-24T20:00:00.000Z","2024-08-06T11:20:27.021Z","Modified",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":65,"epss_score":66,"severity":67,"severity_score":68,"severity_version":69,"severity_source":70,"severity_vector":71,"severity_status":63},"low",0.00427,"medium",5.9,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",[73,83,89,95,101,106,111,116,121,125,130],{"url":29,"sources":74,"tags":77},[75,70,76],"cve.org","osv_pypi",[78,79,80,81,82],"X Refsource MISC","Exploit","Patch","Third Party Advisory","WEB",{"url":84,"sources":85,"tags":86},"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395",[75,70,76],[78,87,88,81,82],"Issue Tracking","Mailing List",{"url":90,"sources":91,"tags":92},"http://rhn.redhat.com/errata/RHSA-2015-1064.html",[75,70,76],[93,94,81,82],"Vendor Advisory","X Refsource REDHAT",{"url":96,"sources":97,"tags":98},"http://www.securityfocus.com/bid/68119",[75,70,76],[99,100,81,82],"VDB Entry","X Refsource BID",{"url":102,"sources":103,"tags":104},"http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html",[75,70,76],[93,105,88,81,82],"X Refsource SUSE",{"url":107,"sources":108,"tags":109},"https://security.gentoo.org/glsa/201503-10",[75,70,76],[93,110,80,81,99,82],"X Refsource GENTOO",{"url":112,"sources":113,"tags":114},"http://openwall.com/lists/oss-security/2014/06/24/7",[75,70,76],[88,115,81,82],"X Refsource MLIST",{"url":117,"sources":118,"tags":119},"http://bugs.python.org/issue21529",[75,70,76],[120,87,93,82],"X Refsource CONFIRM",{"url":122,"sources":123,"tags":124},"https://bugzilla.redhat.com/show_bug.cgi?id=1112285",[75,70,76],[120,87,80,81,82],{"url":126,"sources":127,"tags":128},"https://nvd.nist.gov/vuln/detail/CVE-2014-4616",[76],[129],"Advisory",{"url":131,"sources":132,"tags":133},"https://github.com/simplejson/simplejson",[76],[134],"PACKAGE",[],{"date":137,"score":66,"percentile":138},"2026-06-04",0.62738,[140,143,146,149,152,155,157,160,163,166,169,172,175,178,181,184,187,190,192,195,198,201,204,206,209,212,214,217,221,224,227,230,233,236,239,241,244,248,251,254,257,261,264,267,270,274,277,279,282,285,288,291,294,296,300,303,306,309,312,316,319,322,324,327,330,333,336,339,342,345,348,350,353,356,359,362,365,368,371,374,376,379,382,385,388,391,394,397,400,403],{"date":141,"score":66,"percentile":142},"2025-11-04",0.61651,{"date":144,"score":66,"percentile":145},"2025-11-05",0.61638,{"date":147,"score":66,"percentile":148},"2025-11-06",0.61647,{"date":150,"score":66,"percentile":151},"2025-11-07",0.61664,{"date":153,"score":66,"percentile":154},"2025-11-08",0.61668,{"date":156,"score":66,"percentile":151},"2025-11-09",{"date":158,"score":66,"percentile":159},"2025-11-10",0.61645,{"date":161,"score":66,"percentile":162},"2025-11-11",0.6166,{"date":164,"score":66,"percentile":165},"2025-11-12",0.61684,{"date":167,"score":66,"percentile":168},"2025-11-13",0.61691,{"date":170,"score":66,"percentile":171},"2025-11-14",0.617,{"date":173,"score":66,"percentile":174},"2025-11-15",0.61693,{"date":176,"score":66,"percentile":177},"2025-11-16",0.61683,{"date":179,"score":66,"percentile":180},"2025-11-17",0.61685,{"date":182,"score":66,"percentile":183},"2025-11-18",0.59711,{"date":185,"score":66,"percentile":186},"2025-11-19",0.59724,{"date":188,"score":66,"percentile":189},"2025-11-20",0.59713,{"date":191,"score":66,"percentile":174},"2025-11-21",{"date":193,"score":66,"percentile":194},"2025-11-22",0.61699,{"date":196,"score":66,"percentile":197},"2025-11-23",0.6168,{"date":199,"score":66,"percentile":200},"2025-11-24",0.61673,{"date":202,"score":66,"percentile":203},"2025-11-25",0.61681,{"date":205,"score":66,"percentile":203},"2025-11-26",{"date":207,"score":66,"percentile":208},"2025-11-27",0.61689,{"date":210,"score":66,"percentile":211},"2025-11-28",0.61669,{"date":213,"score":66,"percentile":159},"2025-11-29",{"date":215,"score":66,"percentile":216},"2025-11-30",0.61637,{"date":218,"score":219,"percentile":220},"2025-12-01",0.0069,0.71101,{"date":222,"score":219,"percentile":223},"2025-12-02",0.71117,{"date":225,"score":219,"percentile":226},"2025-12-03",0.71115,{"date":228,"score":66,"percentile":229},"2025-12-04",0.61636,{"date":231,"score":66,"percentile":232},"2025-12-05",0.61646,{"date":234,"score":66,"percentile":235},"2025-12-06",0.61644,{"date":237,"score":66,"percentile":238},"2025-12-07",0.61639,{"date":240,"score":66,"percentile":235},"2025-12-08",{"date":242,"score":66,"percentile":243},"2025-12-09",0.61682,{"date":245,"score":246,"percentile":247},"2025-12-10",0.0038,0.5874,{"date":249,"score":246,"percentile":250},"2025-12-11",0.58761,{"date":252,"score":246,"percentile":253},"2025-12-12",0.58779,{"date":255,"score":246,"percentile":256},"2025-12-13",0.58783,{"date":258,"score":259,"percentile":260},"2025-12-14",0.00558,0.67442,{"date":262,"score":259,"percentile":263},"2025-12-15",0.67441,{"date":265,"score":259,"percentile":266},"2025-12-16",0.67444,{"date":268,"score":259,"percentile":269},"2025-12-17",0.67457,{"date":271,"score":272,"percentile":273},"2025-12-18",0.00609,0.69017,{"date":275,"score":272,"percentile":276},"2025-12-19",0.69035,{"date":278,"score":272,"percentile":276},"2025-12-20",{"date":280,"score":272,"percentile":281},"2025-12-21",0.6902,{"date":283,"score":272,"percentile":284},"2025-12-22",0.69023,{"date":286,"score":272,"percentile":287},"2025-12-23",0.69022,{"date":289,"score":259,"percentile":290},"2025-12-24",0.6754,{"date":292,"score":259,"percentile":293},"2025-12-25",0.67571,{"date":295,"score":259,"percentile":293},"2025-12-26",{"date":297,"score":298,"percentile":299},"2025-12-27",0.00586,0.68458,{"date":301,"score":259,"percentile":302},"2025-12-28",0.67544,{"date":304,"score":259,"percentile":305},"2025-12-29",0.67537,{"date":307,"score":259,"percentile":308},"2025-12-30",0.67549,{"date":310,"score":259,"percentile":311},"2025-12-31",0.67568,{"date":313,"score":314,"percentile":315},"2026-01-01",0.00915,0.75507,{"date":317,"score":314,"percentile":318},"2026-01-02",0.7551,{"date":320,"score":314,"percentile":321},"2026-01-03",0.75509,{"date":323,"score":259,"percentile":311},"2026-01-04",{"date":325,"score":259,"percentile":326},"2026-01-05",0.67558,{"date":328,"score":259,"percentile":329},"2026-01-06",0.67567,{"date":331,"score":259,"percentile":332},"2026-01-07",0.67587,{"date":334,"score":259,"percentile":335},"2026-01-08",0.67602,{"date":337,"score":259,"percentile":338},"2026-01-09",0.67612,{"date":340,"score":259,"percentile":341},"2026-01-10",0.67613,{"date":343,"score":259,"percentile":344},"2026-01-11",0.67604,{"date":346,"score":259,"percentile":347},"2026-01-12",0.67592,{"date":349,"score":259,"percentile":332},"2026-01-13",{"date":351,"score":259,"percentile":352},"2026-01-14",0.67624,{"date":354,"score":259,"percentile":355},"2026-01-15",0.67627,{"date":357,"score":259,"percentile":358},"2026-01-16",0.67644,{"date":360,"score":259,"percentile":361},"2026-01-17",0.67632,{"date":363,"score":259,"percentile":364},"2026-01-18",0.6762,{"date":366,"score":259,"percentile":367},"2026-01-19",0.67603,{"date":369,"score":259,"percentile":370},"2026-01-20",0.67614,{"date":372,"score":259,"percentile":373},"2026-01-21",0.67622,{"date":375,"score":259,"percentile":361},"2026-01-22",{"date":377,"score":259,"percentile":378},"2026-01-23",0.67663,{"date":380,"score":259,"percentile":381},"2026-01-24",0.67673,{"date":383,"score":259,"percentile":384},"2026-01-25",0.67641,{"date":386,"score":259,"percentile":387},"2026-01-26",0.67633,{"date":389,"score":259,"percentile":390},"2026-01-27",0.67642,{"date":392,"score":259,"percentile":393},"2026-01-28",0.67653,{"date":395,"score":259,"percentile":396},"2026-01-29",0.67649,{"date":398,"score":259,"percentile":399},"2026-01-30",0.67657,{"date":401,"score":259,"percentile":402},"2026-01-31",0.67661,{"date":404,"score":314,"percentile":405},"2026-02-01",0.75585,[407,417],{"source":70,"cvss_v2_0":408,"cvss_v3_0":9,"cvss_v3_1":413,"cvss_v4_0":9},{"baseScore":409,"baseSeverity":9,"vectorString":410,"impactScore":411,"exploitabilityScore":412},4.3,"AV:N/AC:M/Au:N/C:P/I:N/A:N",2.9,8.6,{"baseScore":68,"baseSeverity":414,"vectorString":71,"impactScore":415,"exploitabilityScore":416},"MEDIUM",6,5.6,{"source":76,"cvss_v2_0":9,"cvss_v3_0":418,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":9,"vectorString":419,"impactScore":415,"exploitabilityScore":416},"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",[421,429,433,444,465],{"ecosystem":9,"name":422,"vendor":423,"product":422,"cpe_part":424,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":425},"opensuse","opensuse_project","o",[426],{"version":427,"is_range":32,"range_type":428,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.3","cpe",{"ecosystem":9,"name":422,"vendor":422,"product":422,"cpe_part":424,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":430},[431],{"version":432,"is_range":32,"range_type":428,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"13.1",{"ecosystem":434,"name":435,"vendor":434,"product":435,"cpe_part":9,"purl_type":436,"purl_namespace":9,"purl_name":435,"source":9,"versions":437},"PyPI","simplejson","pypi",[438],{"version":439,"is_range":440,"range_type":441,"version_start":9,"version_start_type":9,"version_end":442,"version_end_type":443,"fixed_in":9},"lt2_6_1",true,"ecosystem","2.6.1","excluding",{"ecosystem":9,"name":445,"vendor":445,"product":445,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":447},"python","a",[448,453,457,461],{"version":449,"is_range":440,"range_type":428,"version_start":450,"version_start_type":451,"version_end":452,"version_end_type":443,"fixed_in":9},"gte2.7.0_lt2.7.7","2.7.0","including","2.7.7",{"version":454,"is_range":440,"range_type":428,"version_start":455,"version_start_type":451,"version_end":456,"version_end_type":443,"fixed_in":9},"gte3.0.0_lt3.2.6","3.0.0","3.2.6",{"version":458,"is_range":440,"range_type":428,"version_start":459,"version_start_type":451,"version_end":460,"version_end_type":443,"fixed_in":9},"gte3.3.0_lt3.3.6","3.3.0","3.3.6",{"version":462,"is_range":440,"range_type":428,"version_start":463,"version_start_type":451,"version_end":464,"version_end_type":443,"fixed_in":9},"gte3.4.0_lt3.4.1","3.4.0","3.4.1",{"ecosystem":9,"name":435,"vendor":466,"product":435,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":467},"simplejson_project",[468],{"version":469,"is_range":440,"range_type":428,"version_start":9,"version_start_type":9,"version_end":442,"version_end_type":443,"fixed_in":9},"lt2.6.1"]