[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-18906":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":660,"aliases":661,"duplicate_of":9,"upstream":664,"downstream":665,"duplicates":668,"related":669,"reserved_at":9,"published_at":671,"modified_at":672,"state":673,"summary":674,"references_raw":683,"kevs":723,"epss":724,"epss_history":727,"metrics":983,"affected":995},"CVE-2017-18906","An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-287","Improper Authentication","When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.","weakness","Draft","Class","High",[20,182,261,265,269,273,292,481,543,627],{"id":21,"name":22,"techniques":23},"CAPEC-114","Authentication Abuse",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1548","Abuse Elevation Control Mechanism",[28,31],{"id":29,"name":30},"TA0030","Defense Evasion",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,61,65,69,73,77,81,85,89,94,98,103,108,112,116,120,125,129,133,137,141,146,150,154,158,162,166,170,174,178],{"id":36,"name":37,"tactic":38},"D3-CI","Configuration Inventory",{"name":39},"Model",{"id":41,"name":42,"tactic":43},"D3-AM","Access Modeling",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DI","Data Inventory",{"name":39},{"id":49,"name":50,"tactic":51},"D3-NTPM","Network Traffic Policy Mapping",{"name":39},{"id":53,"name":54,"tactic":55},"D3-AEM","Application Exception Monitoring",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SCA","System Call Analysis",{"name":56},{"id":62,"name":63,"tactic":64},"D3-SFA","System File Analysis",{"name":56},{"id":66,"name":67,"tactic":68},"D3-FA","File Analysis",{"name":56},{"id":70,"name":71,"tactic":72},"D3-FIM","File Integrity Monitoring",{"name":56},{"id":74,"name":75,"tactic":76},"D3-OPM","Operational Process Monitoring",{"name":56},{"id":78,"name":79,"tactic":80},"D3-DA","Dynamic Analysis",{"name":56},{"id":82,"name":83,"tactic":84},"D3-EFA","Emulated File Analysis",{"name":56},{"id":86,"name":87,"tactic":88},"D3-PSA","Process Spawn Analysis",{"name":56},{"id":90,"name":91,"tactic":92},"D3-FEV","File Eviction",{"name":93},"Evict",{"id":95,"name":96,"tactic":97},"D3-AL","Account Locking",{"name":93},{"id":99,"name":100,"tactic":101},"D3-DF","Decoy File",{"name":102},"Deceive",{"id":104,"name":105,"tactic":106},"D3-FE","File Encryption",{"name":107},"Harden",{"id":109,"name":110,"tactic":111},"D3-AA","Agent Authentication",{"name":107},{"id":113,"name":114,"tactic":115},"D3-CDP","Change Default Password",{"name":107},{"id":117,"name":118,"tactic":119},"D3-SCP","System Configuration Permissions",{"name":107},{"id":121,"name":122,"tactic":123},"D3-RC","Restore Configuration",{"name":124},"Restore",{"id":126,"name":127,"tactic":128},"D3-RF","Restore File",{"name":124},{"id":130,"name":131,"tactic":132},"D3-ULA","Unlock Account",{"name":124},{"id":134,"name":135,"tactic":136},"D3-RUAA","Restore User Account Access",{"name":124},{"id":138,"name":139,"tactic":140},"D3-RD","Restore Database",{"name":124},{"id":142,"name":143,"tactic":144},"D3-SCF","System Call Filtering",{"name":145},"Isolate",{"id":147,"name":148,"tactic":149},"D3-CF","Content Filtering",{"name":145},{"id":151,"name":152,"tactic":153},"D3-LFP","Local File Permissions",{"name":145},{"id":155,"name":156,"tactic":157},"D3-RFAM","Remote File Access Mediation",{"name":145},{"id":159,"name":160,"tactic":161},"D3-CQ","Content Quarantine",{"name":145},{"id":163,"name":164,"tactic":165},"D3-CM","Content Modification",{"name":145},{"id":167,"name":168,"tactic":169},"D3-UAP","User Account Permissions",{"name":145},{"id":171,"name":172,"tactic":173},"D3-EAL","Executable Allowlisting",{"name":145},{"id":175,"name":176,"tactic":177},"D3-EDL","Executable Denylisting",{"name":145},{"id":179,"name":180,"tactic":181},"D3-HBPI","Hardware-based Process Isolation",{"name":145},{"id":183,"name":184,"techniques":185},"CAPEC-115","Authentication Bypass",[186],{"id":25,"name":26,"tactics":187,"countermeasures":190},[188,189],{"id":29,"name":30},{"id":32,"name":33},[191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259],{"id":36,"name":37,"tactic":192},{"name":39},{"id":41,"name":42,"tactic":194},{"name":39},{"id":45,"name":46,"tactic":196},{"name":39},{"id":49,"name":50,"tactic":198},{"name":39},{"id":53,"name":54,"tactic":200},{"name":56},{"id":58,"name":59,"tactic":202},{"name":56},{"id":62,"name":63,"tactic":204},{"name":56},{"id":66,"name":67,"tactic":206},{"name":56},{"id":70,"name":71,"tactic":208},{"name":56},{"id":74,"name":75,"tactic":210},{"name":56},{"id":78,"name":79,"tactic":212},{"name":56},{"id":82,"name":83,"tactic":214},{"name":56},{"id":86,"name":87,"tactic":216},{"name":56},{"id":90,"name":91,"tactic":218},{"name":93},{"id":95,"name":96,"tactic":220},{"name":93},{"id":99,"name":100,"tactic":222},{"name":102},{"id":104,"name":105,"tactic":224},{"name":107},{"id":109,"name":110,"tactic":226},{"name":107},{"id":113,"name":114,"tactic":228},{"name":107},{"id":117,"name":118,"tactic":230},{"name":107},{"id":121,"name":122,"tactic":232},{"name":124},{"id":126,"name":127,"tactic":234},{"name":124},{"id":130,"name":131,"tactic":236},{"name":124},{"id":134,"name":135,"tactic":238},{"name":124},{"id":138,"name":139,"tactic":240},{"name":124},{"id":142,"name":143,"tactic":242},{"name":145},{"id":147,"name":148,"tactic":244},{"name":145},{"id":151,"name":152,"tactic":246},{"name":145},{"id":155,"name":156,"tactic":248},{"name":145},{"id":159,"name":160,"tactic":250},{"name":145},{"id":163,"name":164,"tactic":252},{"name":145},{"id":167,"name":168,"tactic":254},{"name":145},{"id":171,"name":172,"tactic":256},{"name":145},{"id":175,"name":176,"tactic":258},{"name":145},{"id":179,"name":180,"tactic":260},{"name":145},{"id":262,"name":263,"techniques":264},"CAPEC-151","Identity Spoofing",[],{"id":266,"name":267,"techniques":268},"CAPEC-194","Fake the Source of Data",[],{"id":270,"name":271,"techniques":272},"CAPEC-22","Exploiting Trust in Client",[],{"id":274,"name":275,"techniques":276},"CAPEC-57","Utilizing REST's Trust in the System Resource to Obtain Sensitive Data",[277],{"id":278,"name":279,"tactics":280,"countermeasures":287},"T1040","Network Sniffing",[281,284],{"id":282,"name":283},"TA0031","Credential Access",{"id":285,"name":286},"TA0102","Discovery",[288],{"id":289,"name":290,"tactic":291},"D3-DNSTA","DNS Traffic Analysis",{"name":56},{"id":293,"name":294,"techniques":295},"CAPEC-593","Session Hijacking",[296,340,453],{"id":297,"name":298,"tactics":299,"countermeasures":303},"T1185","Browser Session Hijacking",[300],{"id":301,"name":302},"TA0100","Collection",[304,308,312,316,320,324,328,332,336],{"id":305,"name":306,"tactic":307},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":56},{"id":309,"name":310,"tactic":311},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":56},{"id":313,"name":314,"tactic":315},"D3-CSPP","Client-server Payload Profiling",{"name":56},{"id":317,"name":318,"tactic":319},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":56},{"id":321,"name":322,"tactic":323},"D3-NTSA","Network Traffic Signature Analysis",{"name":56},{"id":325,"name":326,"tactic":327},"D3-APCA","Application Protocol Command Analysis",{"name":56},{"id":329,"name":330,"tactic":331},"D3-NTCD","Network Traffic Community Deviation",{"name":56},{"id":333,"name":334,"tactic":335},"D3-RTSD","Remote Terminal Session Detection",{"name":56},{"id":337,"name":338,"tactic":339},"D3-NTF","Network Traffic Filtering",{"name":145},{"id":341,"name":342,"tactics":343,"countermeasures":348},"T1550.001","Application Access Token",[344,345],{"id":29,"name":30},{"id":346,"name":347},"TA0109","Lateral Movement",[349,353,357,359,363,365,367,369,371,373,375,377,379,383,387,391,395,399,403,407,411,415,419,423,427,431,435,437,439,443,447,451],{"id":350,"name":351,"tactic":352},"D3-PLA","Process Lineage Analysis",{"name":56},{"id":354,"name":355,"tactic":356},"D3-PSMD","Process Self-Modification Detection",{"name":56},{"id":86,"name":87,"tactic":358},{"name":56},{"id":360,"name":361,"tactic":362},"D3-CCSA","Credential Compromise Scope Analysis",{"name":56},{"id":305,"name":306,"tactic":364},{"name":56},{"id":309,"name":310,"tactic":366},{"name":56},{"id":313,"name":314,"tactic":368},{"name":56},{"id":317,"name":318,"tactic":370},{"name":56},{"id":321,"name":322,"tactic":372},{"name":56},{"id":325,"name":326,"tactic":374},{"name":56},{"id":329,"name":330,"tactic":376},{"name":56},{"id":333,"name":334,"tactic":378},{"name":56},{"id":380,"name":381,"tactic":382},"D3-PT","Process Termination",{"name":93},{"id":384,"name":385,"tactic":386},"D3-PS","Process Suspension",{"name":93},{"id":388,"name":389,"tactic":390},"D3-HR","Host Reboot",{"name":93},{"id":392,"name":393,"tactic":394},"D3-HS","Host Shutdown",{"name":93},{"id":396,"name":397,"tactic":398},"D3-CR","Credential Revocation",{"name":93},{"id":400,"name":401,"tactic":402},"D3-ANCI","Authentication Cache Invalidation",{"name":93},{"id":404,"name":405,"tactic":406},"D3-DUC","Decoy User Credential",{"name":102},{"id":408,"name":409,"tactic":410},"D3-CH","Credential Hardening",{"name":107},{"id":412,"name":413,"tactic":414},"D3-MFA","Multi-factor Authentication",{"name":107},{"id":416,"name":417,"tactic":418},"D3-CRO","Credential Rotation",{"name":107},{"id":420,"name":421,"tactic":422},"D3-TB","Token Binding",{"name":107},{"id":424,"name":425,"tactic":426},"D3-TBA","Token-based Authentication",{"name":107},{"id":428,"name":429,"tactic":430},"D3-RIC","Reissue Credential",{"name":124},{"id":432,"name":433,"tactic":434},"D3-KBPI","Kernel-based Process Isolation",{"name":145},{"id":142,"name":143,"tactic":436},{"name":145},{"id":179,"name":180,"tactic":438},{"name":145},{"id":440,"name":441,"tactic":442},"D3-ABPI","Application-based Process Isolation",{"name":145},{"id":444,"name":445,"tactic":446},"D3-WSAM","Web Session Access Mediation",{"name":145},{"id":448,"name":449,"tactic":450},"D3-CTS","Credential Transmission Scoping",{"name":145},{"id":337,"name":338,"tactic":452},{"name":145},{"id":454,"name":455,"tactics":456,"countermeasures":458},"T1563","Remote Service Session Hijacking",[457],{"id":346,"name":347},[459,461,463,465,467,469,471,473,475,479],{"id":305,"name":306,"tactic":460},{"name":56},{"id":309,"name":310,"tactic":462},{"name":56},{"id":313,"name":314,"tactic":464},{"name":56},{"id":317,"name":318,"tactic":466},{"name":56},{"id":321,"name":322,"tactic":468},{"name":56},{"id":325,"name":326,"tactic":470},{"name":56},{"id":329,"name":330,"tactic":472},{"name":56},{"id":333,"name":334,"tactic":474},{"name":56},{"id":476,"name":477,"tactic":478},"D3-ST","Session Termination",{"name":93},{"id":337,"name":338,"tactic":480},{"name":145},{"id":482,"name":483,"techniques":484},"CAPEC-633","Token Impersonation",[485],{"id":486,"name":487,"tactics":488,"countermeasures":494},"T1134","Access Token Manipulation",[489,490,493],{"id":29,"name":30},{"id":491,"name":492},"TA0005","Stealth",{"id":32,"name":33},[495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,529,531,533,535,537,539,541],{"id":36,"name":37,"tactic":496},{"name":39},{"id":49,"name":50,"tactic":498},{"name":39},{"id":41,"name":42,"tactic":500},{"name":39},{"id":53,"name":54,"tactic":502},{"name":56},{"id":58,"name":59,"tactic":504},{"name":56},{"id":360,"name":361,"tactic":506},{"name":56},{"id":74,"name":75,"tactic":508},{"name":56},{"id":86,"name":87,"tactic":510},{"name":56},{"id":476,"name":477,"tactic":512},{"name":93},{"id":396,"name":397,"tactic":514},{"name":93},{"id":400,"name":401,"tactic":516},{"name":93},{"id":404,"name":405,"tactic":518},{"name":102},{"id":408,"name":409,"tactic":520},{"name":107},{"id":412,"name":413,"tactic":522},{"name":107},{"id":416,"name":417,"tactic":524},{"name":107},{"id":420,"name":421,"tactic":526},{"name":107},{"id":424,"name":425,"tactic":528},{"name":107},{"id":121,"name":122,"tactic":530},{"name":124},{"id":428,"name":429,"tactic":532},{"name":124},{"id":142,"name":143,"tactic":534},{"name":145},{"id":448,"name":449,"tactic":536},{"name":145},{"id":171,"name":172,"tactic":538},{"name":145},{"id":175,"name":176,"tactic":540},{"name":145},{"id":179,"name":180,"tactic":542},{"name":145},{"id":544,"name":545,"techniques":546},"CAPEC-650","Upload a Web Shell to a Web Server",[547],{"id":548,"name":549,"tactics":550,"countermeasures":554},"T1505.003","Web Shell",[551],{"id":552,"name":553},"TA0110","Persistence",[555,559,563,567,571,573,575,577,579,581,583,585,587,589,591,593,595,597,599,603,605,607,609,611,613,615,617,619,621,623,625],{"id":556,"name":557,"tactic":558},"D3-NNI","Network Node Inventory",{"name":39},{"id":560,"name":561,"tactic":562},"D3-PLM","Physical Link Mapping",{"name":39},{"id":564,"name":565,"tactic":566},"D3-LLM","Logical Link Mapping",{"name":39},{"id":568,"name":569,"tactic":570},"D3-EHB","Endpoint Health Beacon",{"name":56},{"id":66,"name":67,"tactic":572},{"name":56},{"id":70,"name":71,"tactic":574},{"name":56},{"id":78,"name":79,"tactic":576},{"name":56},{"id":82,"name":83,"tactic":578},{"name":56},{"id":350,"name":351,"tactic":580},{"name":56},{"id":354,"name":355,"tactic":582},{"name":56},{"id":86,"name":87,"tactic":584},{"name":56},{"id":90,"name":91,"tactic":586},{"name":93},{"id":380,"name":381,"tactic":588},{"name":93},{"id":384,"name":385,"tactic":590},{"name":93},{"id":388,"name":389,"tactic":592},{"name":93},{"id":392,"name":393,"tactic":594},{"name":93},{"id":99,"name":100,"tactic":596},{"name":102},{"id":104,"name":105,"tactic":598},{"name":107},{"id":600,"name":601,"tactic":602},"D3-RNA","Restore Network Access",{"name":124},{"id":126,"name":127,"tactic":604},{"name":124},{"id":147,"name":148,"tactic":606},{"name":145},{"id":151,"name":152,"tactic":608},{"name":145},{"id":155,"name":156,"tactic":610},{"name":145},{"id":159,"name":160,"tactic":612},{"name":145},{"id":163,"name":164,"tactic":614},{"name":145},{"id":171,"name":172,"tactic":616},{"name":145},{"id":175,"name":176,"tactic":618},{"name":145},{"id":432,"name":433,"tactic":620},{"name":145},{"id":142,"name":143,"tactic":622},{"name":145},{"id":179,"name":180,"tactic":624},{"name":145},{"id":440,"name":441,"tactic":626},{"name":145},{"id":628,"name":629,"techniques":630},"CAPEC-94","Adversary in the Middle (AiTM)",[631],{"id":632,"name":633,"tactics":634,"countermeasures":637},"T1557","Adversary-in-the-Middle",[635,636],{"id":282,"name":283},{"id":301,"name":302},[638,640,642,644,646,648,650,652,654,658],{"id":305,"name":306,"tactic":639},{"name":56},{"id":309,"name":310,"tactic":641},{"name":56},{"id":313,"name":314,"tactic":643},{"name":56},{"id":317,"name":318,"tactic":645},{"name":56},{"id":321,"name":322,"tactic":647},{"name":56},{"id":325,"name":326,"tactic":649},{"name":56},{"id":329,"name":330,"tactic":651},{"name":56},{"id":333,"name":334,"tactic":653},{"name":56},{"id":655,"name":656,"tactic":657},"D3-CAA","Connection Attempt Analysis",{"name":56},{"id":337,"name":338,"tactic":659},{"name":145},[],[662,663],"GHSA-fpcr-4rr5-hpcp","GO-2026-4477",[],[666],{"_key":667},"SUSE-SU-2026:0757-1",[],[670],{"_key":667},"2020-06-19T19:18:16.000Z","2024-08-05T21:37:44.352Z","Modified",{"cisa_kev":675,"cisa_ransomware":675,"cisa_vendor":9,"epss_severity":676,"epss_score":677,"severity":678,"severity_score":679,"severity_version":680,"severity_source":681,"severity_vector":682,"severity_status":673},false,"low",0.00209,"high",8.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",[684,691,697,702,706,710,715,719],{"url":685,"sources":686,"tags":688},"https://mattermost.com/security-updates/",[687,681],"cve.org",[689,690],"X Refsource CONFIRM","Vendor Advisory",{"url":692,"sources":693,"tags":695},"https://nvd.nist.gov/vuln/detail/CVE-2017-18906",[694],"osv_go",[696],"Advisory",{"url":698,"sources":699,"tags":700},"https://github.com/mattermost/mattermost/commit/259ad46f30d0fac2f7c5c14f3b76b2170f7e90c7",[694],[701],"WEB",{"url":703,"sources":704,"tags":705},"https://github.com/mattermost/mattermost/commit/b17fca0d5ee7557e3df1cf1d1da8bd749859e35f",[694],[701],{"url":707,"sources":708,"tags":709},"https://github.com/mattermost/mattermost/commit/fbc170733e86f09b46ba754dd03304733d2f482f",[694],[701],{"url":711,"sources":712,"tags":713},"https://github.com/mattermost/mattermost",[694],[714],"PACKAGE",{"url":716,"sources":717,"tags":718},"https://mattermost.com/security-updates",[694],[701],{"url":720,"sources":721,"tags":722},"https://github.com/advisories/GHSA-fpcr-4rr5-hpcp",[694],[696],[],{"date":725,"score":677,"percentile":726},"2026-06-05",0.43302,[728,731,734,737,740,743,746,749,752,754,757,760,763,766,769,772,775,778,781,783,786,789,792,795,798,801,804,807,810,812,815,818,821,824,826,829,832,834,836,839,842,845,848,851,854,857,860,863,865,868,870,872,875,878,881,883,886,889,892,895,898,901,904,907,910,912,915,917,919,922,925,928,931,933,936,939,942,945,948,951,954,957,959,962,965,968,971,974,977,980],{"date":729,"score":677,"percentile":730},"2025-11-04",0.43313,{"date":732,"score":677,"percentile":733},"2025-11-05",0.43309,{"date":735,"score":677,"percentile":736},"2025-11-06",0.43322,{"date":738,"score":677,"percentile":739},"2025-11-07",0.43347,{"date":741,"score":677,"percentile":742},"2025-11-08",0.43346,{"date":744,"score":677,"percentile":745},"2025-11-09",0.43324,{"date":747,"score":677,"percentile":748},"2025-11-10",0.43289,{"date":750,"score":677,"percentile":751},"2025-11-11",0.43307,{"date":753,"score":677,"percentile":742},"2025-11-12",{"date":755,"score":677,"percentile":756},"2025-11-13",0.43359,{"date":758,"score":677,"percentile":759},"2025-11-14",0.43372,{"date":761,"score":677,"percentile":762},"2025-11-15",0.43367,{"date":764,"score":677,"percentile":765},"2025-11-16",0.43351,{"date":767,"score":677,"percentile":768},"2025-11-17",0.43321,{"date":770,"score":677,"percentile":771},"2025-11-18",0.39008,{"date":773,"score":677,"percentile":774},"2025-11-19",0.39017,{"date":776,"score":677,"percentile":777},"2025-11-20",0.39018,{"date":779,"score":677,"percentile":780},"2025-11-21",0.43303,{"date":782,"score":677,"percentile":726},"2025-11-22",{"date":784,"score":677,"percentile":785},"2025-11-23",0.43278,{"date":787,"score":677,"percentile":788},"2025-11-24",0.4327,{"date":790,"score":677,"percentile":791},"2025-11-25",0.43283,{"date":793,"score":677,"percentile":794},"2025-11-26",0.43282,{"date":796,"score":677,"percentile":797},"2025-11-27",0.4329,{"date":799,"score":677,"percentile":800},"2025-11-28",0.4326,{"date":802,"score":677,"percentile":803},"2025-11-29",0.43239,{"date":805,"score":677,"percentile":806},"2025-11-30",0.4322,{"date":808,"score":677,"percentile":809},"2025-12-01",0.43345,{"date":811,"score":677,"percentile":756},"2025-12-02",{"date":813,"score":677,"percentile":814},"2025-12-03",0.43361,{"date":816,"score":677,"percentile":817},"2025-12-04",0.43221,{"date":819,"score":677,"percentile":820},"2025-12-05",0.43246,{"date":822,"score":677,"percentile":823},"2025-12-06",0.43241,{"date":825,"score":677,"percentile":817},"2025-12-07",{"date":827,"score":677,"percentile":828},"2025-12-08",0.43223,{"date":830,"score":677,"percentile":831},"2025-12-09",0.43256,{"date":833,"score":677,"percentile":736},"2025-12-10",{"date":835,"score":677,"percentile":765},"2025-12-11",{"date":837,"score":677,"percentile":838},"2025-12-12",0.43377,{"date":840,"score":677,"percentile":841},"2025-12-13",0.43357,{"date":843,"score":677,"percentile":844},"2025-12-14",0.43325,{"date":846,"score":677,"percentile":847},"2025-12-15",0.43308,{"date":849,"score":677,"percentile":850},"2025-12-16",0.43334,{"date":852,"score":677,"percentile":853},"2025-12-17",0.43376,{"date":855,"score":677,"percentile":856},"2025-12-18",0.43415,{"date":858,"score":677,"percentile":859},"2025-12-19",0.43433,{"date":861,"score":677,"percentile":862},"2025-12-20",0.43412,{"date":864,"score":677,"percentile":853},"2025-12-21",{"date":866,"score":677,"percentile":867},"2025-12-22",0.43353,{"date":869,"score":677,"percentile":765},"2025-12-23",{"date":871,"score":677,"percentile":762},"2025-12-24",{"date":873,"score":677,"percentile":874},"2025-12-25",0.43417,{"date":876,"score":677,"percentile":877},"2025-12-26",0.43399,{"date":879,"score":677,"percentile":880},"2025-12-27",0.43419,{"date":882,"score":677,"percentile":745},"2025-12-28",{"date":884,"score":677,"percentile":885},"2025-12-29",0.43305,{"date":887,"score":677,"percentile":888},"2025-12-30",0.43298,{"date":890,"score":677,"percentile":891},"2025-12-31",0.43344,{"date":893,"score":677,"percentile":894},"2026-01-01",0.43484,{"date":896,"score":677,"percentile":897},"2026-01-02",0.43458,{"date":899,"score":677,"percentile":900},"2026-01-03",0.43449,{"date":902,"score":677,"percentile":903},"2026-01-04",0.43285,{"date":905,"score":677,"percentile":906},"2026-01-05",0.43263,{"date":908,"score":677,"percentile":909},"2026-01-06",0.43265,{"date":911,"score":677,"percentile":791},"2026-01-07",{"date":913,"score":677,"percentile":914},"2026-01-08",0.43311,{"date":916,"score":677,"percentile":797},"2026-01-09",{"date":918,"score":677,"percentile":797},"2026-01-10",{"date":920,"score":677,"percentile":921},"2026-01-11",0.43264,{"date":923,"score":677,"percentile":924},"2026-01-12",0.43216,{"date":926,"score":677,"percentile":927},"2026-01-13",0.43194,{"date":929,"score":677,"percentile":930},"2026-01-14",0.43245,{"date":932,"score":677,"percentile":803},"2026-01-15",{"date":934,"score":677,"percentile":935},"2026-01-16",0.43259,{"date":937,"score":677,"percentile":938},"2026-01-17",0.43228,{"date":940,"score":677,"percentile":941},"2026-01-18",0.43188,{"date":943,"score":677,"percentile":944},"2026-01-19",0.43162,{"date":946,"score":677,"percentile":947},"2026-01-20",0.43156,{"date":949,"score":677,"percentile":950},"2026-01-21",0.43159,{"date":952,"score":677,"percentile":953},"2026-01-22",0.4316,{"date":955,"score":677,"percentile":956},"2026-01-23",0.43213,{"date":958,"score":677,"percentile":828},"2026-01-24",{"date":960,"score":677,"percentile":961},"2026-01-25",0.43166,{"date":963,"score":677,"percentile":964},"2026-01-26",0.43122,{"date":966,"score":677,"percentile":967},"2026-01-27",0.43121,{"date":969,"score":677,"percentile":970},"2026-01-28",0.4312,{"date":972,"score":677,"percentile":973},"2026-01-29",0.43105,{"date":975,"score":677,"percentile":976},"2026-01-30",0.43116,{"date":978,"score":677,"percentile":979},"2026-01-31",0.43127,{"date":981,"score":677,"percentile":982},"2026-02-01",0.43247,[984,993],{"source":681,"cvss_v2_0":985,"cvss_v3_0":9,"cvss_v3_1":989,"cvss_v4_0":9},{"baseScore":986,"baseSeverity":9,"vectorString":987,"impactScore":986,"exploitabilityScore":988},4.9,"AV:N/AC:M/Au:S/C:P/I:P/A:N",6.8,{"baseScore":679,"baseSeverity":990,"vectorString":682,"impactScore":991,"exploitabilityScore":992},"HIGH",8.7,7.2,{"source":694,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":994,"cvss_v4_0":9},{"baseScore":679,"baseSeverity":9,"vectorString":682,"impactScore":991,"exploitabilityScore":992},[996,1018],{"ecosystem":997,"name":998,"vendor":999,"product":1000,"cpe_part":9,"purl_type":1001,"purl_namespace":999,"purl_name":1000,"source":9,"versions":1002},"Go","github.com/mattermost/mattermost-server","github.com/mattermost","mattermost-server","golang",[1003,1009,1014],{"version":1004,"is_range":1005,"range_type":1006,"version_start":9,"version_start_type":9,"version_end":1007,"version_end_type":1008,"fixed_in":9},"lt3_9_2_0_20170714134023_b17fca0d5ee7",true,"semver","3.9.2-0.20170714134023-b17fca0d5ee7","excluding",{"version":1010,"is_range":1005,"range_type":1006,"version_start":1011,"version_start_type":1012,"version_end":1013,"version_end_type":1008,"fixed_in":9},"gte3_10_0_lt3_10_2","3.10.0","including","3.10.2",{"version":1015,"is_range":1005,"range_type":1006,"version_start":1016,"version_start_type":1012,"version_end":1017,"version_end_type":1008,"fixed_in":9},"gte3_10_0+incompatible_lt3_10_2+incompatible","3.10.0+incompatible","3.10.2+incompatible",{"ecosystem":9,"name":1019,"vendor":1020,"product":1021,"cpe_part":1022,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":1023},"mattermost server","mattermost","mattermost_server","a",[1024,1028],{"version":1025,"is_range":1005,"range_type":1026,"version_start":9,"version_start_type":9,"version_end":1027,"version_end_type":1008,"fixed_in":9},"lt3.9.2","cpe","3.9.2",{"version":1029,"is_range":1005,"range_type":1026,"version_start":1011,"version_start_type":1012,"version_end":1013,"version_end_type":1008,"fixed_in":9},"gte3.10.0_lt3.10.2"]