[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-1000338":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":46,"related":47,"reserved_at":9,"published_at":50,"modified_at":51,"state":52,"summary":53,"references_raw":62,"kevs":124,"epss":125,"epss_history":128,"metrics":396,"affected":408},"CVE-2016-1000338","In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-347","Improper Verification of Cryptographic Signature","The product does not verify, or incorrectly verifies, the cryptographic signature for data.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-463","Padding Oracle Crypto Attack",[],{"id":24,"name":25,"techniques":26},"CAPEC-475","Signature Spoofing by Improper Validation",[],[],[29],"GHSA-4vhj-98r6-424h",[],[32,34,36,38,40,42,44],{"_key":33},"OPENSUSE-SU-2024:10661-1",{"_key":35},"DLA-1418-1",{"_key":37},"UBUNTU-CVE-2016-1000338",{"_key":39},"MGASA-2018-0376",{"_key":41},"USN-3727-1",{"_key":43},"DEBIAN-CVE-2016-1000338",{"_key":45},"RHSA-2018:2927",[],[48,49],{"_key":33},{"_key":39},"2018-06-01T00:00:00.000Z","2024-08-06T03:55:27.500Z","Analyzed",{"cisa_kev":54,"cisa_ransomware":54,"cisa_vendor":9,"epss_severity":55,"epss_score":56,"severity":57,"severity_score":58,"severity_version":59,"severity_source":60,"severity_vector":61,"severity_status":52},false,"low",0.00381,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[63,72,77,81,85,89,93,98,102,107,112,116,120],{"url":64,"sources":65,"tags":68},"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html",[66,60,67],"cve.org","osv_maven",[69,70,71],"Mailing List","Third Party Advisory","WEB",{"url":73,"sources":74,"tags":75},"https://access.redhat.com/errata/RHSA-2018:2669",[66,60,67],[76,70,71],"Vendor Advisory",{"url":78,"sources":79,"tags":80},"https://usn.ubuntu.com/3727-1/",[66,60],[76,70],{"url":82,"sources":83,"tags":84},"https://access.redhat.com/errata/RHSA-2018:2927",[66,60,67],[76,70,71],{"url":86,"sources":87,"tags":88},"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E",[66,60,67],[69,70,71],{"url":90,"sources":91,"tags":92},"https://www.oracle.com/security-alerts/cpuoct2020.html",[66,60,67],[70,71],{"url":94,"sources":95,"tags":96},"https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0",[66,60,67],[97,70,71],"Patch",{"url":99,"sources":100,"tags":101},"https://security.netapp.com/advisory/ntap-20231006-0011/",[66,60],[70],{"url":103,"sources":104,"tags":105},"https://nvd.nist.gov/vuln/detail/CVE-2016-1000338",[67],[106],"Advisory",{"url":108,"sources":109,"tags":110},"https://github.com/bcgit/bc-java",[67],[111],"PACKAGE",{"url":113,"sources":114,"tags":115},"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E",[67],[71],{"url":117,"sources":118,"tags":119},"https://security.netapp.com/advisory/ntap-20231006-0011",[67],[71],{"url":121,"sources":122,"tags":123},"https://usn.ubuntu.com/3727-1",[67],[71],[],{"date":126,"score":56,"percentile":127},"2026-06-04",0.59848,[129,133,136,139,142,145,148,151,154,157,160,163,166,169,172,175,178,181,184,187,190,193,196,199,201,204,207,210,213,216,219,222,225,228,231,234,237,239,242,245,248,251,254,257,260,263,266,269,273,276,279,282,285,287,291,294,297,300,303,306,309,312,314,317,319,322,325,328,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,390,393],{"date":130,"score":131,"percentile":132},"2025-11-04",0.00382,0.58899,{"date":134,"score":131,"percentile":135},"2025-11-05",0.58883,{"date":137,"score":131,"percentile":138},"2025-11-06",0.5889,{"date":140,"score":131,"percentile":141},"2025-11-07",0.58911,{"date":143,"score":131,"percentile":144},"2025-11-08",0.58908,{"date":146,"score":131,"percentile":147},"2025-11-09",0.58897,{"date":149,"score":131,"percentile":150},"2025-11-10",0.58873,{"date":152,"score":131,"percentile":153},"2025-11-11",0.58886,{"date":155,"score":131,"percentile":156},"2025-11-12",0.5891,{"date":158,"score":131,"percentile":159},"2025-11-13",0.58916,{"date":161,"score":131,"percentile":162},"2025-11-14",0.58922,{"date":164,"score":131,"percentile":165},"2025-11-15",0.58913,{"date":167,"score":131,"percentile":168},"2025-11-16",0.58896,{"date":170,"score":131,"percentile":171},"2025-11-17",0.58891,{"date":173,"score":131,"percentile":174},"2025-11-18",0.56808,{"date":176,"score":131,"percentile":177},"2025-11-19",0.56825,{"date":179,"score":131,"percentile":180},"2025-11-20",0.56815,{"date":182,"score":131,"percentile":183},"2025-11-21",0.58904,{"date":185,"score":131,"percentile":186},"2025-11-22",0.589,{"date":188,"score":131,"percentile":189},"2025-11-23",0.58875,{"date":191,"score":131,"percentile":192},"2025-11-24",0.58872,{"date":194,"score":131,"percentile":195},"2025-11-25",0.58877,{"date":197,"score":131,"percentile":198},"2025-11-26",0.58878,{"date":200,"score":131,"percentile":135},"2025-11-27",{"date":202,"score":131,"percentile":203},"2025-11-28",0.58856,{"date":205,"score":131,"percentile":206},"2025-11-29",0.58833,{"date":208,"score":131,"percentile":209},"2025-11-30",0.58823,{"date":211,"score":131,"percentile":212},"2025-12-01",0.58977,{"date":214,"score":131,"percentile":215},"2025-12-02",0.58994,{"date":217,"score":131,"percentile":218},"2025-12-03",0.58997,{"date":220,"score":131,"percentile":221},"2025-12-04",0.58829,{"date":223,"score":131,"percentile":224},"2025-12-05",0.58835,{"date":226,"score":131,"percentile":227},"2025-12-06",0.58827,{"date":229,"score":131,"percentile":230},"2025-12-07",0.58818,{"date":232,"score":131,"percentile":233},"2025-12-08",0.58819,{"date":235,"score":131,"percentile":236},"2025-12-09",0.58848,{"date":238,"score":131,"percentile":183},"2025-12-10",{"date":240,"score":131,"percentile":241},"2025-12-11",0.58926,{"date":243,"score":131,"percentile":244},"2025-12-12",0.58943,{"date":246,"score":131,"percentile":247},"2025-12-13",0.58946,{"date":249,"score":131,"percentile":250},"2025-12-14",0.58942,{"date":252,"score":131,"percentile":253},"2025-12-15",0.58919,{"date":255,"score":131,"percentile":256},"2025-12-16",0.58937,{"date":258,"score":131,"percentile":259},"2025-12-17",0.58954,{"date":261,"score":131,"percentile":262},"2025-12-18",0.58992,{"date":264,"score":131,"percentile":265},"2025-12-19",0.59004,{"date":267,"score":131,"percentile":268},"2025-12-20",0.59007,{"date":270,"score":271,"percentile":272},"2025-12-21",0.00485,0.6464,{"date":274,"score":271,"percentile":275},"2025-12-22",0.64632,{"date":277,"score":271,"percentile":278},"2025-12-23",0.64638,{"date":280,"score":271,"percentile":281},"2025-12-24",0.64641,{"date":283,"score":271,"percentile":284},"2025-12-25",0.64667,{"date":286,"score":271,"percentile":284},"2025-12-26",{"date":288,"score":289,"percentile":290},"2025-12-27",0.00553,0.67456,{"date":292,"score":271,"percentile":293},"2025-12-28",0.64643,{"date":295,"score":271,"percentile":296},"2025-12-29",0.64633,{"date":298,"score":271,"percentile":299},"2025-12-30",0.64651,{"date":301,"score":271,"percentile":302},"2025-12-31",0.64675,{"date":304,"score":271,"percentile":305},"2026-01-01",0.64866,{"date":307,"score":271,"percentile":308},"2026-01-02",0.64852,{"date":310,"score":271,"percentile":311},"2026-01-03",0.64854,{"date":313,"score":271,"percentile":302},"2026-01-04",{"date":315,"score":271,"percentile":316},"2026-01-05",0.64671,{"date":318,"score":271,"percentile":284},"2026-01-06",{"date":320,"score":271,"percentile":321},"2026-01-07",0.64687,{"date":323,"score":271,"percentile":324},"2026-01-08",0.64708,{"date":326,"score":271,"percentile":327},"2026-01-09",0.64711,{"date":329,"score":271,"percentile":324},"2026-01-10",{"date":331,"score":271,"percentile":332},"2026-01-11",0.64698,{"date":334,"score":271,"percentile":335},"2026-01-12",0.64684,{"date":337,"score":271,"percentile":338},"2026-01-13",0.64679,{"date":340,"score":271,"percentile":341},"2026-01-14",0.64714,{"date":343,"score":271,"percentile":344},"2026-01-15",0.6473,{"date":346,"score":271,"percentile":347},"2026-01-16",0.64748,{"date":349,"score":271,"percentile":350},"2026-01-17",0.64736,{"date":352,"score":271,"percentile":353},"2026-01-18",0.64724,{"date":355,"score":271,"percentile":356},"2026-01-19",0.64712,{"date":358,"score":271,"percentile":359},"2026-01-20",0.64723,{"date":361,"score":271,"percentile":362},"2026-01-21",0.64734,{"date":364,"score":271,"percentile":365},"2026-01-22",0.64743,{"date":367,"score":271,"percentile":368},"2026-01-23",0.64773,{"date":370,"score":271,"percentile":371},"2026-01-24",0.64781,{"date":373,"score":271,"percentile":374},"2026-01-25",0.64747,{"date":376,"score":271,"percentile":377},"2026-01-26",0.64732,{"date":379,"score":271,"percentile":380},"2026-01-27",0.64742,{"date":382,"score":271,"percentile":383},"2026-01-28",0.64754,{"date":385,"score":271,"percentile":386},"2026-01-29",0.64753,{"date":388,"score":271,"percentile":389},"2026-01-30",0.64761,{"date":391,"score":271,"percentile":392},"2026-01-31",0.64764,{"date":394,"score":271,"percentile":395},"2026-02-01",0.64916,[397,406],{"source":60,"cvss_v2_0":398,"cvss_v3_0":9,"cvss_v3_1":403,"cvss_v4_0":9},{"baseScore":399,"baseSeverity":9,"vectorString":400,"impactScore":401,"exploitabilityScore":402},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":58,"baseSeverity":404,"vectorString":61,"impactScore":405,"exploitabilityScore":402},"HIGH",6,{"source":67,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":407,"cvss_v4_0":9},{"baseScore":58,"baseSeverity":9,"vectorString":61,"impactScore":405,"exploitabilityScore":402},[409,422,430,440,445,450,457,463],{"ecosystem":9,"name":410,"vendor":411,"product":410,"cpe_part":412,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":413},"legion-of-the-bouncy-castle-java-crytography-api","bouncycastle","a",[414],{"version":415,"is_range":416,"range_type":417,"version_start":418,"version_start_type":419,"version_end":420,"version_end_type":421,"fixed_in":9},"gte1.38_lt1.56",true,"cpe","1.38","including","1.56","excluding",{"ecosystem":9,"name":423,"vendor":424,"product":425,"cpe_part":426,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":427},"ubuntu linux","canonical","ubuntu_linux","o",[428],{"version":429,"is_range":54,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"ecosystem":431,"name":432,"vendor":433,"product":434,"cpe_part":9,"purl_type":435,"purl_namespace":433,"purl_name":434,"source":9,"versions":436},"Maven","org.bouncycastle:bcprov-jdk14","org.bouncycastle","bcprov-jdk14","maven",[437],{"version":438,"is_range":416,"range_type":439,"version_start":418,"version_start_type":419,"version_end":420,"version_end_type":421,"fixed_in":9},"gte1_38_lt1_56","ecosystem",{"ecosystem":431,"name":441,"vendor":433,"product":442,"cpe_part":9,"purl_type":435,"purl_namespace":433,"purl_name":442,"source":9,"versions":443},"org.bouncycastle:bcprov-jdk15","bcprov-jdk15",[444],{"version":438,"is_range":416,"range_type":439,"version_start":418,"version_start_type":419,"version_end":420,"version_end_type":421,"fixed_in":9},{"ecosystem":431,"name":446,"vendor":433,"product":447,"cpe_part":9,"purl_type":435,"purl_namespace":433,"purl_name":447,"source":9,"versions":448},"org.bouncycastle:bcprov-jdk15on","bcprov-jdk15on",[449],{"version":438,"is_range":416,"range_type":439,"version_start":418,"version_start_type":419,"version_end":420,"version_end_type":421,"fixed_in":9},{"ecosystem":9,"name":451,"vendor":452,"product":453,"cpe_part":412,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":454},"7-mode transition tool","netapp","7-mode_transition_tool",[455],{"version":456,"is_range":54,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":458,"vendor":459,"product":458,"cpe_part":412,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"satellite","redhat",[461],{"version":462,"is_range":54,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.4",{"ecosystem":9,"name":464,"vendor":459,"product":465,"cpe_part":412,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":466},"satellite capsule","satellite_capsule",[467],{"version":462,"is_range":54,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]