[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-9225":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":30,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":37,"related":38,"reserved_at":9,"published_at":39,"modified_at":40,"state":41,"summary":42,"references_raw":50,"kevs":64,"epss":65,"epss_history":68,"metrics":329,"affected":338},"CVE-2017-9225","An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base","High",[],[21],{"_key":22,"name":23,"source":24,"url":25,"maturity":26,"reliability_score":27,"verified":28,"type":9,"platforms":29,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_KKOS_ONIGURUMA","Oniguruma","github","https://github.com/kkos/oniguruma/issues/57","poc",0.3,false,[],[],[],[33,35],{"_key":34},"RHSA-2026:7545",{"_key":36},"DEBIAN-CVE-2017-9225",[],[],"2017-05-24T15:00:00.000Z","2024-09-17T03:07:00.571Z","Modified",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":43,"epss_score":44,"severity":45,"severity_score":46,"severity_version":47,"severity_source":48,"severity_vector":49,"severity_status":41},"low",0.00223,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[51,59],{"url":52,"sources":53,"tags":55},"https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f",[54,48],"cve.org",[56,57,58],"X Refsource CONFIRM","Patch","Third Party Advisory",{"url":60,"sources":61,"tags":62},"https://github.com/kkos/oniguruma/issues/56",[54,48],[56,63,58],"Exploit",[],{"date":66,"score":44,"percentile":67},"2026-06-04",0.44932,[69,73,76,79,82,85,88,91,94,97,100,103,106,109,111,115,118,121,123,126,129,132,134,136,139,142,145,148,151,154,157,160,163,166,169,172,175,177,180,183,185,188,191,194,197,199,202,205,208,211,214,216,219,222,225,228,230,233,236,239,242,245,248,251,254,257,260,263,265,268,271,274,278,281,284,287,290,293,296,298,301,304,306,309,312,315,318,320,323,326],{"date":70,"score":71,"percentile":72},"2025-11-04",0.00392,0.59515,{"date":74,"score":71,"percentile":75},"2025-11-05",0.595,{"date":77,"score":71,"percentile":78},"2025-11-06",0.59504,{"date":80,"score":71,"percentile":81},"2025-11-07",0.59522,{"date":83,"score":71,"percentile":84},"2025-11-08",0.59519,{"date":86,"score":71,"percentile":87},"2025-11-09",0.59513,{"date":89,"score":71,"percentile":90},"2025-11-10",0.5949,{"date":92,"score":71,"percentile":93},"2025-11-11",0.59502,{"date":95,"score":71,"percentile":96},"2025-11-12",0.59526,{"date":98,"score":71,"percentile":99},"2025-11-13",0.59532,{"date":101,"score":71,"percentile":102},"2025-11-14",0.59538,{"date":104,"score":71,"percentile":105},"2025-11-15",0.59528,{"date":107,"score":71,"percentile":108},"2025-11-16",0.59514,{"date":110,"score":71,"percentile":108},"2025-11-17",{"date":112,"score":113,"percentile":114},"2025-11-18",0.00427,0.59691,{"date":116,"score":113,"percentile":117},"2025-11-19",0.59704,{"date":119,"score":113,"percentile":120},"2025-11-20",0.59692,{"date":122,"score":71,"percentile":96},"2025-11-21",{"date":124,"score":71,"percentile":125},"2025-11-22",0.59525,{"date":127,"score":71,"percentile":128},"2025-11-23",0.59501,{"date":130,"score":71,"percentile":131},"2025-11-24",0.59498,{"date":133,"score":71,"percentile":78},"2025-11-25",{"date":135,"score":71,"percentile":78},"2025-11-26",{"date":137,"score":71,"percentile":138},"2025-11-27",0.5951,{"date":140,"score":71,"percentile":141},"2025-11-28",0.59485,{"date":143,"score":71,"percentile":144},"2025-11-29",0.59461,{"date":146,"score":71,"percentile":147},"2025-11-30",0.59449,{"date":149,"score":71,"percentile":150},"2025-12-01",0.59597,{"date":152,"score":71,"percentile":153},"2025-12-02",0.59609,{"date":155,"score":71,"percentile":156},"2025-12-03",0.59613,{"date":158,"score":71,"percentile":159},"2025-12-04",0.59448,{"date":161,"score":71,"percentile":162},"2025-12-05",0.59454,{"date":164,"score":71,"percentile":165},"2025-12-06",0.59445,{"date":167,"score":71,"percentile":168},"2025-12-07",0.59437,{"date":170,"score":71,"percentile":171},"2025-12-08",0.5944,{"date":173,"score":71,"percentile":174},"2025-12-09",0.59473,{"date":176,"score":71,"percentile":81},"2025-12-10",{"date":178,"score":71,"percentile":179},"2025-12-11",0.59542,{"date":181,"score":71,"percentile":182},"2025-12-12",0.59559,{"date":184,"score":71,"percentile":182},"2025-12-13",{"date":186,"score":71,"percentile":187},"2025-12-14",0.59553,{"date":189,"score":71,"percentile":190},"2025-12-15",0.5953,{"date":192,"score":71,"percentile":193},"2025-12-16",0.59554,{"date":195,"score":71,"percentile":196},"2025-12-17",0.59572,{"date":198,"score":71,"percentile":153},"2025-12-18",{"date":200,"score":71,"percentile":201},"2025-12-19",0.5962,{"date":203,"score":71,"percentile":204},"2025-12-20",0.59623,{"date":206,"score":71,"percentile":207},"2025-12-21",0.59612,{"date":209,"score":71,"percentile":210},"2025-12-22",0.59603,{"date":212,"score":71,"percentile":213},"2025-12-23",0.59615,{"date":215,"score":71,"percentile":201},"2025-12-24",{"date":217,"score":71,"percentile":218},"2025-12-25",0.59658,{"date":220,"score":71,"percentile":221},"2025-12-26",0.59653,{"date":223,"score":71,"percentile":224},"2025-12-27",0.59711,{"date":226,"score":71,"percentile":227},"2025-12-28",0.59631,{"date":229,"score":71,"percentile":204},"2025-12-29",{"date":231,"score":71,"percentile":232},"2025-12-30",0.59637,{"date":234,"score":71,"percentile":235},"2025-12-31",0.59663,{"date":237,"score":71,"percentile":238},"2026-01-01",0.59835,{"date":240,"score":71,"percentile":241},"2026-01-02",0.5982,{"date":243,"score":71,"percentile":244},"2026-01-03",0.59819,{"date":246,"score":71,"percentile":247},"2026-01-04",0.59644,{"date":249,"score":71,"percentile":250},"2026-01-05",0.59632,{"date":252,"score":71,"percentile":253},"2026-01-06",0.59639,{"date":255,"score":71,"percentile":256},"2026-01-07",0.59666,{"date":258,"score":71,"percentile":259},"2026-01-08",0.5969,{"date":261,"score":71,"percentile":262},"2026-01-09",0.59694,{"date":264,"score":71,"percentile":259},"2026-01-10",{"date":266,"score":71,"percentile":267},"2026-01-11",0.59673,{"date":269,"score":71,"percentile":270},"2026-01-12",0.59646,{"date":272,"score":71,"percentile":273},"2026-01-13",0.59619,{"date":275,"score":276,"percentile":277},"2026-01-14",0.00288,0.51861,{"date":279,"score":276,"percentile":280},"2026-01-15",0.51865,{"date":282,"score":276,"percentile":283},"2026-01-16",0.51883,{"date":285,"score":276,"percentile":286},"2026-01-17",0.51862,{"date":288,"score":276,"percentile":289},"2026-01-18",0.51848,{"date":291,"score":276,"percentile":292},"2026-01-19",0.51828,{"date":294,"score":276,"percentile":295},"2026-01-20",0.51827,{"date":297,"score":276,"percentile":292},"2026-01-21",{"date":299,"score":276,"percentile":300},"2026-01-22",0.51834,{"date":302,"score":276,"percentile":303},"2026-01-23",0.51878,{"date":305,"score":276,"percentile":283},"2026-01-24",{"date":307,"score":276,"percentile":308},"2026-01-25",0.51837,{"date":310,"score":276,"percentile":311},"2026-01-26",0.51814,{"date":313,"score":276,"percentile":314},"2026-01-27",0.51818,{"date":316,"score":276,"percentile":317},"2026-01-28",0.51831,{"date":319,"score":276,"percentile":292},"2026-01-29",{"date":321,"score":276,"percentile":322},"2026-01-30",0.5183,{"date":324,"score":276,"percentile":325},"2026-01-31",0.51835,{"date":327,"score":276,"percentile":328},"2026-02-01",0.51976,[330],{"source":48,"cvss_v2_0":331,"cvss_v3_0":336,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":332,"baseSeverity":9,"vectorString":333,"impactScore":334,"exploitabilityScore":335},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":46,"baseSeverity":337,"vectorString":49,"impactScore":46,"exploitabilityScore":335},"CRITICAL",[339,347,355],{"ecosystem":9,"name":340,"vendor":341,"product":340,"cpe_part":342,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":343},"oniguruma","oniguruma_project","a",[344],{"version":345,"is_range":28,"range_type":346,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.2.0","cpe",{"ecosystem":9,"name":348,"vendor":9,"product":348,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":349},"PHP",[350],{"version":351,"is_range":352,"range_type":346,"version_start":9,"version_start_type":9,"version_end":353,"version_end_type":354,"fixed_in":9},"lte7.1.5",true,"7.1.5","including",{"ecosystem":9,"name":356,"vendor":357,"product":356,"cpe_part":342,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":358},"ruby","ruby-lang",[359],{"version":360,"is_range":352,"range_type":346,"version_start":9,"version_start_type":9,"version_end":361,"version_end_type":354,"fixed_in":9},"lte2.4.1","2.4.1"]