[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-14647":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":100,"related":101,"reserved_at":9,"published_at":115,"modified_at":116,"state":117,"summary":118,"references_raw":127,"kevs":209,"epss":210,"epss_history":213,"metrics":470,"affected":487},"CVE-2018-14647","Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.",null,[11,20,34],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-909","Missing Initialization of Resource","The product does not initialize a critical resource.","weakness","Incomplete","Class","Medium",[],{"_key":21,"id":21,"name":22,"description":23,"type":15,"status":24,"abstraction":17,"likelihood_of_exploit":18,"capec":25},"CWE-665","Improper Initialization","The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.","Draft",[26,30],{"id":27,"name":28,"techniques":29},"CAPEC-26","Leveraging Race Conditions",[],{"id":31,"name":32,"techniques":33},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],{"_key":35,"id":35,"name":36,"description":37,"type":15,"status":24,"abstraction":38,"likelihood_of_exploit":9,"capec":39},"CWE-335","Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)","The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.","Base",[],[],[],[],[44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98],{"_key":45},"ALPINE-CVE-2018-14647",{"_key":47},"SUSE-SU-2019:0482-1",{"_key":49},"SUSE-SU-2020:0234-1",{"_key":51},"OPENSUSE-SU-2024:11202-1",{"_key":53},"SUSE-SU-2018:3156-1",{"_key":55},"SUSE-SU-2019:0482-2",{"_key":57},"SUSE-SU-2019:2053-1",{"_key":59},"SUSE-SU-2019:2053-2",{"_key":61},"SUSE-SU-2020:0114-1",{"_key":63},"SUSE-SU-2020:2699-1",{"_key":65},"OPENSUSE-SU-2020:0086-1",{"_key":67},"OPENSUSE-SU-2024:11284-1",{"_key":69},"RHSA-2019:1260",{"_key":71},"RHSA-2019:2030",{"_key":73},"RHSA-2019:3725",{"_key":75},"RHSA-2020:1268",{"_key":77},"RHSA-2020:1346",{"_key":79},"RHSA-2020:1462",{"_key":81},"DLA-1834-1",{"_key":83},"DLA-1835-1",{"_key":85},"DSA-4306-1",{"_key":87},"DSA-4307-1",{"_key":89},"MGASA-2019-0135",{"_key":91},"MGASA-2018-0495",{"_key":93},"UBUNTU-CVE-2018-14647",{"_key":95},"USN-3817-1",{"_key":97},"DEBIAN-CVE-2018-14647",{"_key":99},"USN-6891-1",[],[102,103,104,105,106,107,108,109,110,111,112,113,114],{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":91},{"_key":89},"2018-09-25T00:00:00.000Z","2024-08-05T09:38:13.104Z","Modified",{"cisa_kev":119,"cisa_ransomware":119,"cisa_vendor":9,"epss_severity":120,"epss_score":121,"severity":122,"severity_score":123,"severity_version":124,"severity_source":125,"severity_vector":126,"severity_status":117},false,"low",0.01247,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[128,136,141,147,152,156,163,167,172,177,182,188,192,196,200,205],{"url":129,"sources":130,"tags":132},"https://www.debian.org/security/2018/dsa-4306",[131,125],"cve.org",[133,134,135],"Vendor Advisory","X Refsource DEBIAN","Third Party Advisory",{"url":137,"sources":138,"tags":139},"https://usn.ubuntu.com/3817-2/",[131,125],[133,140,135],"X Refsource UBUNTU",{"url":142,"sources":143,"tags":144},"http://www.securitytracker.com/id/1041740",[131,125],[145,146,135],"VDB Entry","X Refsource SECTRACK",{"url":148,"sources":149,"tags":150},"http://www.securityfocus.com/bid/105396",[131,125],[145,151,135],"X Refsource BID",{"url":153,"sources":154,"tags":155},"https://www.debian.org/security/2018/dsa-4307",[131,125],[133,134,135],{"url":157,"sources":158,"tags":159},"https://bugs.python.org/issue34623",[131,125],[160,161,162,133],"X Refsource MISC","Issue Tracking","Patch",{"url":164,"sources":165,"tags":166},"https://usn.ubuntu.com/3817-1/",[131,125],[133,140,135],{"url":168,"sources":169,"tags":170},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647",[131,125],[171,161,135],"X Refsource CONFIRM",{"url":173,"sources":174,"tags":175},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/",[131,125],[133,176],"X Refsource FEDORA",{"url":178,"sources":179,"tags":180},"https://access.redhat.com/errata/RHSA-2019:1260",[131,125],[133,181,135],"X Refsource REDHAT",{"url":183,"sources":184,"tags":185},"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html",[131,125],[186,187,135],"Mailing List","X Refsource MLIST",{"url":189,"sources":190,"tags":191},"https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html",[131,125],[186,187,135],{"url":193,"sources":194,"tags":195},"https://access.redhat.com/errata/RHSA-2019:2030",[131,125],[133,181,135],{"url":197,"sources":198,"tags":199},"https://access.redhat.com/errata/RHSA-2019:3725",[131,125],[133,181,135],{"url":201,"sources":202,"tags":203},"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html",[131,125],[133,204,186,135],"X Refsource SUSE",{"url":206,"sources":207,"tags":208},"https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E",[131,125],[186,187],[],{"date":211,"score":121,"percentile":212},"2026-06-04",0.79642,[214,218,221,224,227,230,233,236,239,242,245,248,251,253,256,260,263,266,269,272,275,278,281,283,286,289,292,294,298,300,303,306,308,310,313,315,318,321,324,327,330,333,335,338,341,345,348,351,354,357,360,363,366,369,373,376,378,381,384,387,389,392,395,398,401,403,406,409,411,413,415,417,420,423,426,429,431,434,437,439,442,445,448,451,453,456,459,461,464,467],{"date":215,"score":216,"percentile":217},"2025-11-04",0.01898,0.82627,{"date":219,"score":216,"percentile":220},"2025-11-05",0.82632,{"date":222,"score":216,"percentile":223},"2025-11-06",0.82635,{"date":225,"score":216,"percentile":226},"2025-11-07",0.82646,{"date":228,"score":216,"percentile":229},"2025-11-08",0.82651,{"date":231,"score":216,"percentile":232},"2025-11-09",0.82645,{"date":234,"score":216,"percentile":235},"2025-11-10",0.82639,{"date":237,"score":216,"percentile":238},"2025-11-11",0.82647,{"date":240,"score":216,"percentile":241},"2025-11-12",0.82657,{"date":243,"score":216,"percentile":244},"2025-11-13",0.8266,{"date":246,"score":216,"percentile":247},"2025-11-14",0.82664,{"date":249,"score":216,"percentile":250},"2025-11-15",0.82656,{"date":252,"score":216,"percentile":244},"2025-11-16",{"date":254,"score":216,"percentile":255},"2025-11-17",0.82658,{"date":257,"score":258,"percentile":259},"2025-11-18",0.07048,0.90593,{"date":261,"score":258,"percentile":262},"2025-11-19",0.90597,{"date":264,"score":258,"percentile":265},"2025-11-20",0.90602,{"date":267,"score":216,"percentile":268},"2025-11-21",0.82668,{"date":270,"score":216,"percentile":271},"2025-11-22",0.8267,{"date":273,"score":216,"percentile":274},"2025-11-23",0.82663,{"date":276,"score":216,"percentile":277},"2025-11-24",0.82662,{"date":279,"score":216,"percentile":280},"2025-11-25",0.82659,{"date":282,"score":216,"percentile":244},"2025-11-26",{"date":284,"score":216,"percentile":285},"2025-11-27",0.82661,{"date":287,"score":216,"percentile":288},"2025-11-28",0.8265,{"date":290,"score":216,"percentile":291},"2025-11-29",0.82653,{"date":293,"score":216,"percentile":241},"2025-11-30",{"date":295,"score":296,"percentile":297},"2025-12-01",0.01218,0.78538,{"date":299,"score":296,"percentile":297},"2025-12-02",{"date":301,"score":296,"percentile":302},"2025-12-03",0.78535,{"date":304,"score":216,"percentile":305},"2025-12-04",0.82654,{"date":307,"score":216,"percentile":277},"2025-12-05",{"date":309,"score":216,"percentile":280},"2025-12-06",{"date":311,"score":216,"percentile":312},"2025-12-07",0.82655,{"date":314,"score":216,"percentile":241},"2025-12-08",{"date":316,"score":216,"percentile":317},"2025-12-09",0.82677,{"date":319,"score":216,"percentile":320},"2025-12-10",0.82701,{"date":322,"score":216,"percentile":323},"2025-12-11",0.82718,{"date":325,"score":216,"percentile":326},"2025-12-12",0.82723,{"date":328,"score":216,"percentile":329},"2025-12-13",0.82719,{"date":331,"score":216,"percentile":332},"2025-12-14",0.82717,{"date":334,"score":216,"percentile":323},"2025-12-15",{"date":336,"score":216,"percentile":337},"2025-12-16",0.82726,{"date":339,"score":216,"percentile":340},"2025-12-17",0.82734,{"date":342,"score":343,"percentile":344},"2025-12-18",0.0195,0.82988,{"date":346,"score":343,"percentile":347},"2025-12-19",0.82993,{"date":349,"score":343,"percentile":350},"2025-12-20",0.82986,{"date":352,"score":343,"percentile":353},"2025-12-21",0.82983,{"date":355,"score":343,"percentile":356},"2025-12-22",0.82987,{"date":358,"score":343,"percentile":359},"2025-12-23",0.82992,{"date":361,"score":216,"percentile":362},"2025-12-24",0.82752,{"date":364,"score":216,"percentile":365},"2025-12-25",0.82767,{"date":367,"score":216,"percentile":368},"2025-12-26",0.82771,{"date":370,"score":371,"percentile":372},"2025-12-27",0.01909,0.82868,{"date":374,"score":216,"percentile":375},"2025-12-28",0.82758,{"date":377,"score":216,"percentile":362},"2025-12-29",{"date":379,"score":216,"percentile":380},"2025-12-30",0.8276,{"date":382,"score":216,"percentile":383},"2025-12-31",0.82774,{"date":385,"score":296,"percentile":386},"2026-01-01",0.78697,{"date":388,"score":296,"percentile":386},"2026-01-02",{"date":390,"score":296,"percentile":391},"2026-01-03",0.78693,{"date":393,"score":216,"percentile":394},"2026-01-04",0.82754,{"date":396,"score":216,"percentile":397},"2026-01-05",0.82749,{"date":399,"score":216,"percentile":400},"2026-01-06",0.82755,{"date":402,"score":216,"percentile":400},"2026-01-07",{"date":404,"score":216,"percentile":405},"2026-01-08",0.82761,{"date":407,"score":216,"percentile":408},"2026-01-09",0.82764,{"date":410,"score":216,"percentile":408},"2026-01-10",{"date":412,"score":216,"percentile":405},"2026-01-11",{"date":414,"score":216,"percentile":375},"2026-01-12",{"date":416,"score":216,"percentile":362},"2026-01-13",{"date":418,"score":216,"percentile":419},"2026-01-14",0.8277,{"date":421,"score":216,"percentile":422},"2026-01-15",0.82768,{"date":424,"score":216,"percentile":425},"2026-01-16",0.82776,{"date":427,"score":216,"percentile":428},"2026-01-17",0.82778,{"date":430,"score":216,"percentile":425},"2026-01-18",{"date":432,"score":216,"percentile":433},"2026-01-19",0.82772,{"date":435,"score":216,"percentile":436},"2026-01-20",0.82773,{"date":438,"score":216,"percentile":428},"2026-01-21",{"date":440,"score":216,"percentile":441},"2026-01-22",0.82784,{"date":443,"score":216,"percentile":444},"2026-01-23",0.82806,{"date":446,"score":216,"percentile":447},"2026-01-24",0.82813,{"date":449,"score":216,"percentile":450},"2026-01-25",0.82807,{"date":452,"score":216,"percentile":444},"2026-01-26",{"date":454,"score":216,"percentile":455},"2026-01-27",0.82802,{"date":457,"score":216,"percentile":458},"2026-01-28",0.82804,{"date":460,"score":216,"percentile":444},"2026-01-29",{"date":462,"score":216,"percentile":463},"2026-01-30",0.82812,{"date":465,"score":216,"percentile":466},"2026-01-31",0.82818,{"date":468,"score":296,"percentile":469},"2026-02-01",0.78766,[471,478],{"source":131,"cvss_v2_0":9,"cvss_v3_0":472,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":473,"baseSeverity":474,"vectorString":475,"impactScore":476,"exploitabilityScore":477},5.3,"MEDIUM","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",2.3,10,{"source":125,"cvss_v2_0":479,"cvss_v3_0":483,"cvss_v3_1":484,"cvss_v4_0":9},{"baseScore":480,"baseSeverity":9,"vectorString":481,"impactScore":482,"exploitabilityScore":477},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,{"baseScore":473,"baseSeverity":474,"vectorString":475,"impactScore":476,"exploitabilityScore":477},{"baseScore":123,"baseSeverity":485,"vectorString":126,"impactScore":486,"exploitabilityScore":477},"HIGH",6,[488,503,512,518,524,548,555,560,565],{"ecosystem":9,"name":489,"vendor":490,"product":491,"cpe_part":492,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":493},"ubuntu linux","canonical","ubuntu_linux","o",[494,497,499,501],{"version":495,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":498,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":500,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":502,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"ecosystem":9,"name":504,"vendor":505,"product":506,"cpe_part":492,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":507},"debian linux","debian","debian_linux",[508,510],{"version":509,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":511,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":513,"vendor":514,"product":513,"cpe_part":492,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":515},"fedora","fedoraproject",[516],{"version":517,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":9,"name":519,"vendor":520,"product":519,"cpe_part":492,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":521},"leap","opensuse",[522],{"version":523,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"ecosystem":9,"name":525,"vendor":525,"product":525,"cpe_part":526,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":527},"python","a",[528,534,538,542,546],{"version":529,"is_range":530,"range_type":496,"version_start":531,"version_start_type":532,"version_end":533,"version_end_type":532,"fixed_in":9},"gte2.7.0_lte2.7.15",true,"2.7.0","including","2.7.15",{"version":535,"is_range":530,"range_type":496,"version_start":536,"version_start_type":532,"version_end":537,"version_end_type":532,"fixed_in":9},"gte3.4.0_lte3.4.9","3.4.0","3.4.9",{"version":539,"is_range":530,"range_type":496,"version_start":540,"version_start_type":532,"version_end":541,"version_end_type":532,"fixed_in":9},"gte3.5.0_lte3.5.6","3.5.0","3.5.6",{"version":543,"is_range":530,"range_type":496,"version_start":544,"version_start_type":532,"version_end":545,"version_end_type":532,"fixed_in":9},"gte3.6.0_lte3.6.6","3.6.0","3.6.6",{"version":547,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.7.0",{"ecosystem":9,"name":549,"vendor":550,"product":551,"cpe_part":492,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":552},"enterprise linux desktop","redhat","enterprise_linux_desktop",[553],{"version":554,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0",{"ecosystem":9,"name":556,"vendor":550,"product":557,"cpe_part":492,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":558},"enterprise linux server","enterprise_linux_server",[559],{"version":554,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":561,"vendor":550,"product":562,"cpe_part":492,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":563},"enterprise linux workstation","enterprise_linux_workstation",[564],{"version":554,"is_range":119,"range_type":496,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":566,"vendor":567,"product":525,"cpe_part":526,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":568},"Python","the python project",[569],{"version":570,"is_range":119,"range_type":131,"version_start":570,"version_start_type":532,"version_end":570,"version_end_type":532,"fixed_in":9},"3.8, 3.7, 3.6, 3.5, 3.4, 2.7"]