[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-8620":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":91,"aliases":92,"duplicate_of":9,"upstream":93,"downstream":94,"duplicates":117,"related":118,"reserved_at":9,"published_at":124,"modified_at":125,"state":126,"summary":127,"references_raw":136,"kevs":180,"epss":181,"epss_history":184,"metrics":449,"affected":464},"CVE-2016-8620","The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.",null,[11,23,34],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],{"_key":24,"id":24,"name":25,"description":26,"type":15,"status":27,"abstraction":17,"likelihood_of_exploit":28,"capec":29},"CWE-190","Integer Overflow or Wraparound","The product performs a calculation that can\n         produce an integer overflow or wraparound when the logic\n         assumes that the resulting value will always be larger than\n         the original value. This occurs when an integer value is\n         incremented to a value that is too large to store in the\n         associated representation. When this occurs, the value may\n         become a very small or negative number.","Stable","Medium",[30],{"id":31,"name":32,"techniques":33},"CAPEC-92","Forced Integer Overflow",[],{"_key":35,"id":35,"name":36,"description":37,"type":15,"status":38,"abstraction":17,"likelihood_of_exploit":39,"capec":40},"CWE-120","Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.","Incomplete","High",[41,45,49,53,57,61,65,69,73,77,81,85,89],{"id":42,"name":43,"techniques":44},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":46,"name":47,"techniques":48},"CAPEC-100","Overflow Buffers",[],{"id":50,"name":51,"techniques":52},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":54,"name":55,"techniques":56},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":58,"name":59,"techniques":60},"CAPEC-42","MIME Conversion",[],{"id":62,"name":63,"techniques":64},"CAPEC-44","Overflow Binary Resource File",[],{"id":66,"name":67,"techniques":68},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":70,"name":71,"techniques":72},"CAPEC-46","Overflow Variables and Tags",[],{"id":74,"name":75,"techniques":76},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":78,"name":79,"techniques":80},"CAPEC-67","String Format Overflow in syslog()",[],{"id":82,"name":83,"techniques":84},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":86,"name":87,"techniques":88},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],{"id":31,"name":32,"techniques":90},[],[],[],[],[95,97,99,101,103,105,107,109,111,113,115],{"_key":96},"ALPINE-CVE-2016-8620",{"_key":98},"SUSE-SU-2016:2714-1",{"_key":100},"SUSE-SU-2016:2699-1",{"_key":102},"SUSE-SU-2016:2700-1",{"_key":104},"OPENSUSE-SU-2024:10303-1",{"_key":106},"DSA-3705-1",{"_key":108},"MGASA-2018-0053",{"_key":110},"UBUNTU-CVE-2016-8620",{"_key":112},"USN-3123-1",{"_key":114},"DEBIAN-CVE-2016-8620",{"_key":116},"RHSA-2018:3558",[],[119,120,121,122,123],{"_key":98},{"_key":100},{"_key":102},{"_key":104},{"_key":108},"2018-08-01T06:00:00.000Z","2026-04-15T21:04:22.525Z","Modified",{"cisa_kev":128,"cisa_ransomware":128,"cisa_vendor":9,"epss_severity":129,"epss_score":130,"severity":131,"severity_score":132,"severity_version":133,"severity_source":134,"severity_vector":135,"severity_status":126},false,"low",0.00881,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[137,145,151,156,160,166,171,175],{"url":138,"sources":139,"tags":141},"http://www.securityfocus.com/bid/94102",[140,134],"cve.org",[142,143,144],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":146,"sources":147,"tags":148},"https://access.redhat.com/errata/RHSA-2018:3558",[140,134],[149,150,144],"Vendor Advisory","X Refsource REDHAT",{"url":152,"sources":153,"tags":154},"https://curl.haxx.se/docs/adv_20161102F.html",[140,134],[155,149],"X Refsource CONFIRM",{"url":157,"sources":158,"tags":159},"https://www.tenable.com/security/tns-2016-21",[140,134],[155,144],{"url":161,"sources":162,"tags":163},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620",[140,134],[155,164,165,144],"Issue Tracking","Patch",{"url":167,"sources":168,"tags":169},"http://www.securitytracker.com/id/1037192",[140,134],[142,170,144],"X Refsource SECTRACK",{"url":172,"sources":173,"tags":174},"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",[140,134],[155,165],{"url":176,"sources":177,"tags":178},"https://security.gentoo.org/glsa/201701-47",[140,134],[149,179,144],"X Refsource GENTOO",[],{"date":182,"score":130,"percentile":183},"2026-06-04",0.75721,[185,189,192,195,198,202,205,208,211,214,217,220,223,226,229,232,235,238,240,243,245,248,251,254,257,260,263,266,270,273,276,279,281,284,287,290,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,340,342,345,348,351,354,356,359,362,365,368,371,373,376,379,382,385,387,390,393,397,400,403,406,409,412,414,416,419,422,425,428,431,433,436,439,442,445],{"date":186,"score":187,"percentile":188},"2025-11-04",0.00554,0.67187,{"date":190,"score":187,"percentile":191},"2025-11-05",0.67168,{"date":193,"score":187,"percentile":194},"2025-11-06",0.67171,{"date":196,"score":187,"percentile":197},"2025-11-07",0.67186,{"date":199,"score":200,"percentile":201},"2025-11-08",0.00546,0.66949,{"date":203,"score":200,"percentile":204},"2025-11-09",0.66942,{"date":206,"score":200,"percentile":207},"2025-11-10",0.66932,{"date":209,"score":200,"percentile":210},"2025-11-11",0.66938,{"date":212,"score":200,"percentile":213},"2025-11-12",0.66958,{"date":215,"score":200,"percentile":216},"2025-11-13",0.66968,{"date":218,"score":200,"percentile":219},"2025-11-14",0.66976,{"date":221,"score":200,"percentile":222},"2025-11-15",0.66974,{"date":224,"score":200,"percentile":225},"2025-11-16",0.66967,{"date":227,"score":200,"percentile":228},"2025-11-17",0.66961,{"date":230,"score":200,"percentile":231},"2025-11-18",0.65239,{"date":233,"score":200,"percentile":234},"2025-11-19",0.65247,{"date":236,"score":200,"percentile":237},"2025-11-20",0.65242,{"date":239,"score":200,"percentile":216},"2025-11-21",{"date":241,"score":200,"percentile":242},"2025-11-22",0.66977,{"date":244,"score":200,"percentile":216},"2025-11-23",{"date":246,"score":200,"percentile":247},"2025-11-24",0.66952,{"date":249,"score":200,"percentile":250},"2025-11-25",0.66956,{"date":252,"score":200,"percentile":253},"2025-11-26",0.66962,{"date":255,"score":200,"percentile":256},"2025-11-27",0.66966,{"date":258,"score":200,"percentile":259},"2025-11-28",0.66951,{"date":261,"score":200,"percentile":262},"2025-11-29",0.66933,{"date":264,"score":200,"percentile":265},"2025-11-30",0.66927,{"date":267,"score":268,"percentile":269},"2025-12-01",0.0077,0.72833,{"date":271,"score":268,"percentile":272},"2025-12-02",0.72846,{"date":274,"score":268,"percentile":275},"2025-12-03",0.72843,{"date":277,"score":200,"percentile":278},"2025-12-04",0.66921,{"date":280,"score":200,"percentile":262},"2025-12-05",{"date":282,"score":200,"percentile":283},"2025-12-06",0.66937,{"date":285,"score":200,"percentile":286},"2025-12-07",0.6693,{"date":288,"score":200,"percentile":289},"2025-12-08",0.66934,{"date":291,"score":200,"percentile":216},"2025-12-09",{"date":293,"score":200,"percentile":294},"2025-12-10",0.67015,{"date":296,"score":200,"percentile":297},"2025-12-11",0.67034,{"date":299,"score":200,"percentile":300},"2025-12-12",0.67059,{"date":302,"score":200,"percentile":303},"2025-12-13",0.67066,{"date":305,"score":200,"percentile":306},"2025-12-14",0.67067,{"date":308,"score":200,"percentile":309},"2025-12-15",0.67065,{"date":311,"score":200,"percentile":312},"2025-12-16",0.67073,{"date":314,"score":200,"percentile":315},"2025-12-17",0.67087,{"date":317,"score":200,"percentile":318},"2025-12-18",0.67123,{"date":320,"score":200,"percentile":321},"2025-12-19",0.67143,{"date":323,"score":200,"percentile":324},"2025-12-20",0.67141,{"date":326,"score":200,"percentile":327},"2025-12-21",0.67129,{"date":329,"score":200,"percentile":330},"2025-12-22",0.67161,{"date":332,"score":200,"percentile":333},"2025-12-23",0.67156,{"date":335,"score":200,"percentile":336},"2025-12-24",0.67164,{"date":338,"score":200,"percentile":339},"2025-12-25",0.67195,{"date":341,"score":200,"percentile":339},"2025-12-26",{"date":343,"score":200,"percentile":344},"2025-12-27",0.67247,{"date":346,"score":200,"percentile":347},"2025-12-28",0.67167,{"date":349,"score":200,"percentile":350},"2025-12-29",0.67159,{"date":352,"score":200,"percentile":353},"2025-12-30",0.67174,{"date":355,"score":200,"percentile":339},"2025-12-31",{"date":357,"score":268,"percentile":358},"2026-01-01",0.73111,{"date":360,"score":268,"percentile":361},"2026-01-02",0.7311,{"date":363,"score":268,"percentile":364},"2026-01-03",0.73109,{"date":366,"score":200,"percentile":367},"2026-01-04",0.67192,{"date":369,"score":200,"percentile":370},"2026-01-05",0.67182,{"date":372,"score":200,"percentile":367},"2026-01-06",{"date":374,"score":200,"percentile":375},"2026-01-07",0.67211,{"date":377,"score":200,"percentile":378},"2026-01-08",0.67225,{"date":380,"score":200,"percentile":381},"2026-01-09",0.67235,{"date":383,"score":200,"percentile":384},"2026-01-10",0.67237,{"date":386,"score":200,"percentile":378},"2026-01-11",{"date":388,"score":200,"percentile":389},"2026-01-12",0.67212,{"date":391,"score":200,"percentile":392},"2026-01-13",0.67208,{"date":394,"score":395,"percentile":396},"2026-01-14",0.00634,0.69822,{"date":398,"score":395,"percentile":399},"2026-01-15",0.69828,{"date":401,"score":395,"percentile":402},"2026-01-16",0.69845,{"date":404,"score":395,"percentile":405},"2026-01-17",0.69838,{"date":407,"score":395,"percentile":408},"2026-01-18",0.6982,{"date":410,"score":395,"percentile":411},"2026-01-19",0.69813,{"date":413,"score":395,"percentile":396},"2026-01-20",{"date":415,"score":395,"percentile":399},"2026-01-21",{"date":417,"score":395,"percentile":418},"2026-01-22",0.69841,{"date":420,"score":395,"percentile":421},"2026-01-23",0.69872,{"date":423,"score":395,"percentile":424},"2026-01-24",0.69876,{"date":426,"score":395,"percentile":427},"2026-01-25",0.69848,{"date":429,"score":395,"percentile":430},"2026-01-26",0.69844,{"date":432,"score":395,"percentile":427},"2026-01-27",{"date":434,"score":395,"percentile":435},"2026-01-28",0.6986,{"date":437,"score":395,"percentile":438},"2026-01-29",0.69858,{"date":440,"score":395,"percentile":441},"2026-01-30",0.69865,{"date":443,"score":395,"percentile":444},"2026-01-31",0.6987,{"date":446,"score":447,"percentile":448},"2026-02-01",0.00782,0.73382,[450,457],{"source":140,"cvss_v2_0":9,"cvss_v3_0":451,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":452,"baseSeverity":453,"vectorString":454,"impactScore":455,"exploitabilityScore":456},6.5,"MEDIUM","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",4.2,10,{"source":134,"cvss_v2_0":458,"cvss_v3_0":462,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":459,"baseSeverity":9,"vectorString":460,"impactScore":461,"exploitabilityScore":456},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,{"baseScore":132,"baseSeverity":463,"vectorString":135,"impactScore":132,"exploitabilityScore":456},"CRITICAL",[465,476],{"ecosystem":9,"name":466,"vendor":467,"product":466,"cpe_part":468,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":469},"curl","haxx","a",[470],{"version":471,"is_range":472,"range_type":473,"version_start":9,"version_start_type":9,"version_end":474,"version_end_type":475,"fixed_in":9},"lt7.51.0",true,"cpe","7.51.0","excluding",{"ecosystem":9,"name":466,"vendor":477,"product":466,"cpe_part":468,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":478},"the curl project",[479],{"version":474,"is_range":128,"range_type":140,"version_start":474,"version_start_type":480,"version_end":474,"version_end_type":480,"fixed_in":9},"including"]