[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-20843":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":33,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":76,"related":77,"reserved_at":9,"published_at":83,"modified_at":84,"state":85,"summary":86,"references_raw":94,"kevs":195,"epss":196,"epss_history":199,"metrics":461,"affected":473},"CVE-2018-20843","In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-611","Improper Restriction of XML External Entity Reference","The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-221","Data Serialization External Entities Blowup",[],[24],{"_key":25,"name":26,"source":27,"url":28,"maturity":29,"reliability_score":30,"verified":31,"type":9,"platforms":32,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_LIBEXPAT_LIBEXPAT","Libexpat","github","https://github.com/libexpat/libexpat/pull/262","poc",0.3,false,[],[],[],[36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74],{"_key":37},"ALPINE-CVE-2018-20843",{"_key":39},"SUSE-SU-2019:1834-1",{"_key":41},"SUSE-SU-2019:1835-1",{"_key":43},"OPENSUSE-SU-2019:1777-1",{"_key":45},"OPENSUSE-SU-2024:10748-1",{"_key":47},"DLA-1839-1",{"_key":49},"DSA-4472-1",{"_key":51},"MGASA-2019-0274",{"_key":53},"USN-4040-1",{"_key":55},"USN-4040-2",{"_key":57},"USN-7199-1",{"_key":59},"DEBIAN-CVE-2018-20843",{"_key":61},"RHSA-2020:2644",{"_key":63},"RHSA-2020:3952",{"_key":65},"RHSA-2020:4484",{"_key":67},"RHSA-2020:4846",{"_key":69},"USN-4852-1",{"_key":71},"USN-5455-1",{"_key":73},"UBUNTU-CVE-2018-20843",{"_key":75},"RHSA-2025:22871",[],[78,79,80,81,82],{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":51},"2019-06-24T16:06:38.000Z","2025-05-30T19:39:20.442Z","Modified",{"cisa_kev":31,"cisa_ransomware":31,"cisa_vendor":9,"epss_severity":87,"epss_score":88,"severity":89,"severity_score":90,"severity_version":91,"severity_source":92,"severity_vector":93,"severity_status":85},"low",0.05584,"high",7.8,"v2.0","nvd","AV:N/AC:L/Au:N/C:N/I:N/A:C",[95,103,107,112,118,123,128,132,137,142,148,152,157,161,165,170,174,179,183,187,191],{"url":96,"sources":97,"tags":99},"https://usn.ubuntu.com/4040-1/",[98,92],"cve.org",[100,101,102],"Vendor Advisory","X Refsource UBUNTU","Third Party Advisory",{"url":104,"sources":105,"tags":106},"https://usn.ubuntu.com/4040-2/",[98,92],[100,101,102],{"url":108,"sources":109,"tags":110},"https://www.debian.org/security/2019/dsa-4472",[98,92],[100,111,102],"X Refsource DEBIAN",{"url":113,"sources":114,"tags":115},"https://seclists.org/bugtraq/2019/Jun/39",[98,92],[116,117,102],"Mailing List","X Refsource BUGTRAQ",{"url":119,"sources":120,"tags":121},"https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html",[98,92],[116,122,102],"X Refsource MLIST",{"url":124,"sources":125,"tags":126},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/",[98,92],[100,127],"X Refsource FEDORA",{"url":129,"sources":130,"tags":131},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/",[98,92],[100,127],{"url":133,"sources":134,"tags":135},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html",[98,92],[100,136,116,102],"X Refsource SUSE",{"url":138,"sources":139,"tags":140},"https://security.gentoo.org/glsa/201911-08",[98,92],[100,141,102],"X Refsource GENTOO",{"url":143,"sources":144,"tags":145},"https://www.oracle.com/security-alerts/cpuapr2020.html",[98,92],[146,147,102],"X Refsource MISC","Patch",{"url":149,"sources":150,"tags":151},"https://www.oracle.com/security-alerts/cpuoct2020.html",[98,92],[146,147,102],{"url":153,"sources":154,"tags":155},"https://github.com/libexpat/libexpat/issues/186",[98,92],[146,156,147,102],"Issue Tracking",{"url":28,"sources":158,"tags":159},[98,92],[146,160,147,102],"Exploit",{"url":162,"sources":163,"tags":164},"https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6",[98,92],[146,147,102],{"url":166,"sources":167,"tags":168},"https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes",[98,92],[146,169,102],"Release Notes",{"url":171,"sources":172,"tags":173},"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226",[98,92],[146,156,102],{"url":175,"sources":176,"tags":177},"https://security.netapp.com/advisory/ntap-20190703-0001/",[98,92],[178,102],"X Refsource CONFIRM",{"url":180,"sources":181,"tags":182},"https://support.f5.com/csp/article/K51011533",[98,92],[178,102],{"url":184,"sources":185,"tags":186},"https://www.oracle.com/security-alerts/cpuApr2021.html",[98,92],[146,147,102],{"url":188,"sources":189,"tags":190},"https://www.oracle.com/security-alerts/cpuoct2021.html",[98,92],[146,147,102],{"url":192,"sources":193,"tags":194},"https://www.tenable.com/security/tns-2021-11",[98,92],[178,102],[],{"date":197,"score":88,"percentile":198},"2026-06-04",0.90461,[200,204,207,210,213,216,219,223,226,229,232,235,238,241,244,248,250,253,256,260,262,265,268,270,273,276,279,281,285,288,291,294,297,300,303,305,307,310,313,316,319,322,324,326,329,333,335,338,341,344,347,350,353,356,359,362,365,368,371,375,378,381,384,387,390,393,396,398,401,403,405,408,411,414,417,419,422,425,428,430,433,436,438,441,444,447,450,452,455,458],{"date":201,"score":202,"percentile":203},"2025-11-04",0.05817,0.90104,{"date":205,"score":202,"percentile":206},"2025-11-05",0.90103,{"date":208,"score":202,"percentile":209},"2025-11-06",0.90101,{"date":211,"score":202,"percentile":212},"2025-11-07",0.90108,{"date":214,"score":202,"percentile":215},"2025-11-08",0.90109,{"date":217,"score":202,"percentile":218},"2025-11-09",0.90107,{"date":220,"score":221,"percentile":222},"2025-11-10",0.05826,0.90116,{"date":224,"score":221,"percentile":225},"2025-11-11",0.90114,{"date":227,"score":221,"percentile":228},"2025-11-12",0.90122,{"date":230,"score":221,"percentile":231},"2025-11-13",0.90125,{"date":233,"score":221,"percentile":234},"2025-11-14",0.90127,{"date":236,"score":221,"percentile":237},"2025-11-15",0.90124,{"date":239,"score":221,"percentile":240},"2025-11-16",0.90128,{"date":242,"score":221,"percentile":243},"2025-11-17",0.90123,{"date":245,"score":246,"percentile":247},"2025-11-18",0.36677,0.96936,{"date":249,"score":246,"percentile":247},"2025-11-19",{"date":251,"score":246,"percentile":252},"2025-11-20",0.96938,{"date":254,"score":221,"percentile":255},"2025-11-21",0.90134,{"date":257,"score":258,"percentile":259},"2025-11-22",0.05976,0.90263,{"date":261,"score":258,"percentile":259},"2025-11-23",{"date":263,"score":258,"percentile":264},"2025-11-24",0.90265,{"date":266,"score":258,"percentile":267},"2025-11-25",0.90267,{"date":269,"score":258,"percentile":267},"2025-11-26",{"date":271,"score":258,"percentile":272},"2025-11-27",0.90266,{"date":274,"score":258,"percentile":275},"2025-11-28",0.90256,{"date":277,"score":258,"percentile":278},"2025-11-29",0.90292,{"date":280,"score":258,"percentile":278},"2025-11-30",{"date":282,"score":283,"percentile":284},"2025-12-01",0.00808,0.73563,{"date":286,"score":283,"percentile":287},"2025-12-02",0.73569,{"date":289,"score":283,"percentile":290},"2025-12-03",0.7357,{"date":292,"score":258,"percentile":293},"2025-12-04",0.90297,{"date":295,"score":221,"percentile":296},"2025-12-05",0.9017,{"date":298,"score":221,"percentile":299},"2025-12-06",0.90168,{"date":301,"score":221,"percentile":302},"2025-12-07",0.90166,{"date":304,"score":221,"percentile":302},"2025-12-08",{"date":306,"score":221,"percentile":296},"2025-12-09",{"date":308,"score":221,"percentile":309},"2025-12-10",0.90178,{"date":311,"score":221,"percentile":312},"2025-12-11",0.90181,{"date":314,"score":221,"percentile":315},"2025-12-12",0.90186,{"date":317,"score":221,"percentile":318},"2025-12-13",0.90188,{"date":320,"score":221,"percentile":321},"2025-12-14",0.90185,{"date":323,"score":221,"percentile":321},"2025-12-15",{"date":325,"score":221,"percentile":312},"2025-12-16",{"date":327,"score":221,"percentile":328},"2025-12-17",0.90189,{"date":330,"score":331,"percentile":332},"2025-12-18",0.0453,0.88772,{"date":334,"score":331,"percentile":332},"2025-12-19",{"date":336,"score":331,"percentile":337},"2025-12-20",0.88773,{"date":339,"score":331,"percentile":340},"2025-12-21",0.8878,{"date":342,"score":331,"percentile":343},"2025-12-22",0.88778,{"date":345,"score":331,"percentile":346},"2025-12-23",0.88781,{"date":348,"score":331,"percentile":349},"2025-12-24",0.88789,{"date":351,"score":331,"percentile":352},"2025-12-25",0.88799,{"date":354,"score":331,"percentile":355},"2025-12-26",0.88797,{"date":357,"score":331,"percentile":358},"2025-12-27",0.88843,{"date":360,"score":331,"percentile":361},"2025-12-28",0.88791,{"date":363,"score":331,"percentile":364},"2025-12-29",0.88787,{"date":366,"score":221,"percentile":367},"2025-12-30",0.90224,{"date":369,"score":221,"percentile":370},"2025-12-31",0.90232,{"date":372,"score":373,"percentile":374},"2026-01-01",0.00786,0.73404,{"date":376,"score":373,"percentile":377},"2026-01-02",0.73403,{"date":379,"score":373,"percentile":380},"2026-01-03",0.73402,{"date":382,"score":221,"percentile":383},"2026-01-04",0.90233,{"date":385,"score":221,"percentile":386},"2026-01-05",0.90229,{"date":388,"score":221,"percentile":389},"2026-01-06",0.90231,{"date":391,"score":221,"percentile":392},"2026-01-07",0.90235,{"date":394,"score":221,"percentile":395},"2026-01-08",0.90239,{"date":397,"score":221,"percentile":395},"2026-01-09",{"date":399,"score":221,"percentile":400},"2026-01-10",0.90241,{"date":402,"score":221,"percentile":383},"2026-01-11",{"date":404,"score":221,"percentile":370},"2026-01-12",{"date":406,"score":221,"percentile":407},"2026-01-13",0.9023,{"date":409,"score":221,"percentile":410},"2026-01-14",0.90244,{"date":412,"score":221,"percentile":413},"2026-01-15",0.90247,{"date":415,"score":221,"percentile":416},"2026-01-16",0.9025,{"date":418,"score":221,"percentile":413},"2026-01-17",{"date":420,"score":221,"percentile":421},"2026-01-18",0.90249,{"date":423,"score":221,"percentile":424},"2026-01-19",0.90246,{"date":426,"score":221,"percentile":427},"2026-01-20",0.90248,{"date":429,"score":221,"percentile":416},"2026-01-21",{"date":431,"score":221,"percentile":432},"2026-01-22",0.90253,{"date":434,"score":221,"percentile":435},"2026-01-23",0.90261,{"date":437,"score":221,"percentile":267},"2026-01-24",{"date":439,"score":221,"percentile":440},"2026-01-25",0.90269,{"date":442,"score":221,"percentile":443},"2026-01-26",0.90271,{"date":445,"score":221,"percentile":446},"2026-01-27",0.90274,{"date":448,"score":221,"percentile":449},"2026-01-28",0.90281,{"date":451,"score":221,"percentile":449},"2026-01-29",{"date":453,"score":221,"percentile":454},"2026-01-30",0.9028,{"date":456,"score":221,"percentile":457},"2026-01-31",0.90288,{"date":459,"score":373,"percentile":460},"2026-02-01",0.73473,[462,469],{"source":98,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":463,"cvss_v4_0":9},{"baseScore":464,"baseSeverity":465,"vectorString":466,"impactScore":467,"exploitabilityScore":468},7.5,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",6,10,{"source":92,"cvss_v2_0":470,"cvss_v3_0":9,"cvss_v3_1":472,"cvss_v4_0":9},{"baseScore":90,"baseSeverity":9,"vectorString":93,"impactScore":471,"exploitabilityScore":468},6.9,{"baseScore":464,"baseSeverity":465,"vectorString":466,"impactScore":467,"exploitabilityScore":468},[474,493,502,510,520,528,538,546,554],{"ecosystem":9,"name":475,"vendor":476,"product":477,"cpe_part":478,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":479},"ubuntu linux","canonical","ubuntu_linux","o",[480,483,485,487,489,491],{"version":481,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":484,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":486,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":488,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":490,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.10",{"version":492,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.04",{"ecosystem":9,"name":494,"vendor":495,"product":496,"cpe_part":478,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":497},"debian linux","debian","debian_linux",[498,500],{"version":499,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":501,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":503,"vendor":504,"product":503,"cpe_part":478,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":505},"fedora","fedoraproject",[506,508],{"version":507,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"29",{"version":509,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"ecosystem":9,"name":511,"vendor":512,"product":511,"cpe_part":513,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":514},"libexpat","libexpat_project","a",[515],{"version":516,"is_range":517,"range_type":482,"version_start":9,"version_start_type":9,"version_end":518,"version_end_type":519,"fixed_in":9},"lt2.2.7",true,"2.2.7","excluding",{"ecosystem":9,"name":521,"vendor":522,"product":521,"cpe_part":478,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":523},"leap","opensuse",[524,526],{"version":525,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"version":527,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"ecosystem":9,"name":529,"vendor":530,"product":531,"cpe_part":513,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":532},"hospitality res 3700","oracle","hospitality_res_3700",[533],{"version":534,"is_range":517,"range_type":482,"version_start":535,"version_start_type":536,"version_end":537,"version_end_type":536,"fixed_in":9},"gte5.7_lte5.7.6","5.7","including","5.7.6",{"ecosystem":9,"name":539,"vendor":530,"product":540,"cpe_part":513,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":541},"http server","http_server",[542,544],{"version":543,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.1.3.0",{"version":545,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.2.1.4.0",{"ecosystem":9,"name":547,"vendor":530,"product":548,"cpe_part":513,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":549},"outside in technology","outside_in_technology",[550,552],{"version":551,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.5.4",{"version":553,"is_range":31,"range_type":482,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.5.5",{"ecosystem":9,"name":555,"vendor":556,"product":555,"cpe_part":513,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":557},"nessus","tenable",[558],{"version":559,"is_range":517,"range_type":482,"version_start":9,"version_start_type":9,"version_end":560,"version_end_type":519,"fixed_in":9},"lt8.15.0","8.15.0"]