[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-16471":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":84,"related":85,"reserved_at":9,"published_at":100,"modified_at":101,"state":102,"summary":103,"references_raw":112,"kevs":141,"epss":142,"epss_history":145,"metrics":410,"affected":421},"CVE-2018-16471","There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[],[],[48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82],{"_key":49},"SUSE-SU-2020:0359-1",{"_key":51},"OPENSUSE-SU-2025:14875-1",{"_key":53},"SUSE-SU-2019:1440-1",{"_key":55},"UBUNTU-CVE-2018-16471",{"_key":57},"USN-4089-1",{"_key":59},"OPENSUSE-SU-2020:0214-1",{"_key":61},"OPENSUSE-SU-2024:12119-1",{"_key":63},"OPENSUSE-SU-2024:12397-1",{"_key":65},"OPENSUSE-SU-2024:12974-1",{"_key":67},"OPENSUSE-SU-2024:13167-1",{"_key":69},"OPENSUSE-SU-2024:13726-1",{"_key":71},"OPENSUSE-SU-2024:13727-1",{"_key":73},"OPENSUSE-SU-2025:14811-1",{"_key":75},"DLA-1585-1",{"_key":77},"OPENSUSE-SU-2026:10358-1",{"_key":79},"OPENSUSE-SU-2026:10286-1",{"_key":81},"MGASA-2018-0449",{"_key":83},"DEBIAN-CVE-2018-16471",[],[86,87,88,89,90,91,92,93,94,95,96,97,98,99],{"_key":49},{"_key":51},{"_key":53},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":77},{"_key":79},{"_key":81},"2018-11-13T23:00:00.000Z","2024-08-05T10:24:32.587Z","Modified",{"cisa_kev":104,"cisa_ransomware":104,"cisa_vendor":9,"epss_severity":105,"epss_score":106,"severity":107,"severity_score":108,"severity_version":109,"severity_source":110,"severity_vector":111,"severity_status":102},false,"low",0.00829,"medium",6.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[113,119,126,132,137],{"url":114,"sources":115,"tags":117},"https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag",[116,110],"cve.org",[118],"X Refsource MISC",{"url":120,"sources":121,"tags":122},"https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html",[116,110],[123,124,125],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":127,"sources":128,"tags":129},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html",[116,110],[130,131],"Vendor Advisory","X Refsource SUSE",{"url":133,"sources":134,"tags":135},"https://usn.ubuntu.com/4089-1/",[116,110],[130,136],"X Refsource UBUNTU",{"url":138,"sources":139,"tags":140},"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html",[116,110],[130,131],[],{"date":143,"score":106,"percentile":144},"2026-06-04",0.74894,[146,150,153,156,159,162,165,168,171,174,177,180,183,186,189,193,196,199,201,204,207,210,213,216,219,222,225,228,232,235,238,241,244,247,250,253,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,302,305,307,310,313,316,318,321,324,327,330,333,335,338,340,343,346,349,351,354,357,359,362,365,368,371,374,377,380,383,386,389,392,395,398,401,404,407],{"date":147,"score":148,"percentile":149},"2025-11-04",0.00168,0.38387,{"date":151,"score":148,"percentile":152},"2025-11-05",0.38378,{"date":154,"score":148,"percentile":155},"2025-11-06",0.38379,{"date":157,"score":148,"percentile":158},"2025-11-07",0.38403,{"date":160,"score":148,"percentile":161},"2025-11-08",0.38402,{"date":163,"score":148,"percentile":164},"2025-11-09",0.38384,{"date":166,"score":148,"percentile":167},"2025-11-10",0.38346,{"date":169,"score":148,"percentile":170},"2025-11-11",0.38368,{"date":172,"score":148,"percentile":173},"2025-11-12",0.38409,{"date":175,"score":148,"percentile":176},"2025-11-13",0.38425,{"date":178,"score":148,"percentile":179},"2025-11-14",0.38426,{"date":181,"score":148,"percentile":182},"2025-11-15",0.38421,{"date":184,"score":148,"percentile":185},"2025-11-16",0.38401,{"date":187,"score":148,"percentile":188},"2025-11-17",0.38377,{"date":190,"score":191,"percentile":192},"2025-11-18",0.00381,0.56724,{"date":194,"score":191,"percentile":195},"2025-11-19",0.5674,{"date":197,"score":191,"percentile":198},"2025-11-20",0.56728,{"date":200,"score":148,"percentile":188},"2025-11-21",{"date":202,"score":148,"percentile":203},"2025-11-22",0.38383,{"date":205,"score":148,"percentile":206},"2025-11-23",0.38347,{"date":208,"score":148,"percentile":209},"2025-11-24",0.38337,{"date":211,"score":148,"percentile":212},"2025-11-25",0.38349,{"date":214,"score":148,"percentile":215},"2025-11-26",0.38343,{"date":217,"score":148,"percentile":218},"2025-11-27",0.38351,{"date":220,"score":148,"percentile":221},"2025-11-28",0.38325,{"date":223,"score":148,"percentile":224},"2025-11-29",0.38302,{"date":226,"score":148,"percentile":227},"2025-11-30",0.38285,{"date":229,"score":230,"percentile":231},"2025-12-01",0.00277,0.50807,{"date":233,"score":230,"percentile":234},"2025-12-02",0.50826,{"date":236,"score":230,"percentile":237},"2025-12-03",0.5082,{"date":239,"score":148,"percentile":240},"2025-12-04",0.38284,{"date":242,"score":148,"percentile":243},"2025-12-05",0.38317,{"date":245,"score":148,"percentile":246},"2025-12-06",0.38313,{"date":248,"score":148,"percentile":249},"2025-12-07",0.38291,{"date":251,"score":148,"percentile":252},"2025-12-08",0.38305,{"date":254,"score":148,"percentile":206},"2025-12-09",{"date":256,"score":148,"percentile":257},"2025-12-10",0.38406,{"date":259,"score":148,"percentile":260},"2025-12-11",0.38435,{"date":262,"score":148,"percentile":263},"2025-12-12",0.38468,{"date":265,"score":148,"percentile":266},"2025-12-13",0.38444,{"date":268,"score":148,"percentile":269},"2025-12-14",0.38407,{"date":271,"score":148,"percentile":272},"2025-12-15",0.38382,{"date":274,"score":148,"percentile":275},"2025-12-16",0.38415,{"date":277,"score":148,"percentile":278},"2025-12-17",0.38461,{"date":280,"score":148,"percentile":281},"2025-12-18",0.38513,{"date":283,"score":148,"percentile":284},"2025-12-19",0.38533,{"date":286,"score":148,"percentile":287},"2025-12-20",0.38515,{"date":289,"score":148,"percentile":290},"2025-12-21",0.38469,{"date":292,"score":148,"percentile":293},"2025-12-22",0.38442,{"date":295,"score":148,"percentile":296},"2025-12-23",0.38445,{"date":298,"score":148,"percentile":299},"2025-12-24",0.3846,{"date":301,"score":148,"percentile":281},"2025-12-25",{"date":303,"score":148,"percentile":304},"2025-12-26",0.38495,{"date":306,"score":148,"percentile":287},"2025-12-27",{"date":308,"score":148,"percentile":309},"2025-12-28",0.38414,{"date":311,"score":148,"percentile":312},"2025-12-29",0.38386,{"date":314,"score":148,"percentile":315},"2025-12-30",0.38376,{"date":317,"score":148,"percentile":293},"2025-12-31",{"date":319,"score":230,"percentile":320},"2026-01-01",0.50946,{"date":322,"score":230,"percentile":323},"2026-01-02",0.50927,{"date":325,"score":230,"percentile":326},"2026-01-03",0.5092,{"date":328,"score":148,"percentile":329},"2026-01-04",0.38398,{"date":331,"score":148,"percentile":332},"2026-01-05",0.38371,{"date":334,"score":148,"percentile":188},"2026-01-06",{"date":336,"score":148,"percentile":337},"2026-01-07",0.384,{"date":339,"score":148,"percentile":179},"2026-01-08",{"date":341,"score":148,"percentile":342},"2026-01-09",0.38419,{"date":344,"score":148,"percentile":345},"2026-01-10",0.38422,{"date":347,"score":148,"percentile":348},"2026-01-11",0.38399,{"date":350,"score":148,"percentile":212},"2026-01-12",{"date":352,"score":148,"percentile":353},"2026-01-13",0.38326,{"date":355,"score":148,"percentile":356},"2026-01-14",0.3838,{"date":358,"score":148,"percentile":170},"2026-01-15",{"date":360,"score":148,"percentile":361},"2026-01-16",0.38388,{"date":363,"score":148,"percentile":364},"2026-01-17",0.38359,{"date":366,"score":148,"percentile":367},"2026-01-18",0.38307,{"date":369,"score":148,"percentile":370},"2026-01-19",0.38274,{"date":372,"score":148,"percentile":373},"2026-01-20",0.38253,{"date":375,"score":148,"percentile":376},"2026-01-21",0.38236,{"date":378,"score":148,"percentile":379},"2026-01-22",0.38227,{"date":381,"score":148,"percentile":382},"2026-01-23",0.38286,{"date":384,"score":148,"percentile":385},"2026-01-24",0.38293,{"date":387,"score":148,"percentile":388},"2026-01-25",0.38243,{"date":390,"score":148,"percentile":391},"2026-01-26",0.38181,{"date":393,"score":148,"percentile":394},"2026-01-27",0.38177,{"date":396,"score":148,"percentile":397},"2026-01-28",0.38154,{"date":399,"score":148,"percentile":400},"2026-01-29",0.38134,{"date":402,"score":148,"percentile":403},"2026-01-30",0.38132,{"date":405,"score":148,"percentile":406},"2026-01-31",0.38133,{"date":408,"score":230,"percentile":409},"2026-02-01",0.5083,[411],{"source":110,"cvss_v2_0":412,"cvss_v3_0":417,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":413,"baseSeverity":9,"vectorString":414,"impactScore":415,"exploitabilityScore":416},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":108,"baseSeverity":418,"vectorString":111,"impactScore":419,"exploitabilityScore":420},"MEDIUM",4.5,7.2,[422,431,447],{"ecosystem":9,"name":423,"vendor":424,"product":425,"cpe_part":426,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":427},"debian linux","debian","debian_linux","o",[428],{"version":429,"is_range":104,"range_type":430,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":432,"vendor":433,"product":432,"cpe_part":434,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":435},"rack","rack_project","a",[436,443],{"version":437,"is_range":438,"range_type":430,"version_start":439,"version_start_type":440,"version_end":441,"version_end_type":442,"fixed_in":9},"gte1.6.0_lt1.6.11",true,"1.6.0","including","1.6.11","excluding",{"version":444,"is_range":438,"range_type":430,"version_start":445,"version_start_type":440,"version_end":446,"version_end_type":442,"fixed_in":9},"gte2.0.0_lt2.0.6","2.0.0","2.0.6",{"ecosystem":9,"name":432,"vendor":432,"product":432,"cpe_part":434,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":448},[449],{"version":450,"is_range":104,"range_type":116,"version_start":450,"version_start_type":440,"version_end":450,"version_end_type":440,"fixed_in":9},"2.0.6, 1.6.11"]