[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-3737":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":425,"aliases":435,"duplicate_of":9,"upstream":437,"downstream":438,"duplicates":445,"related":446,"reserved_at":9,"published_at":447,"modified_at":448,"state":449,"summary":450,"references_raw":458,"kevs":489,"epss":490,"epss_history":493,"metrics":756,"affected":768},"CVE-2018-3737","sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.",null,[11,31],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-185","Incorrect Regular Expression","The product specifies a regular expression in a way that causes data to be improperly matched or compared.","weakness","Draft","Class",[19,23,27],{"id":20,"name":21,"techniques":22},"CAPEC-15","Command Delimiters",[],{"id":24,"name":25,"techniques":26},"CAPEC-6","Argument Injection",[],{"id":28,"name":29,"techniques":30},"CAPEC-79","Using Slashes in Alternate Encoding",[],{"_key":32,"id":32,"name":33,"description":34,"type":15,"status":35,"abstraction":36,"likelihood_of_exploit":37,"capec":38},"CWE-770","Allocation of Resources Without Limits or Throttling","The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.","Incomplete","Base","High",[39,125,135,139,143,147,151,155,187,249,253,257,287,317,349,353,357,361,365,369],{"id":40,"name":41,"techniques":42},"CAPEC-125","Flooding",[43,97],{"id":44,"name":45,"tactics":46,"countermeasures":50},"T1498.001","Direct Network Flood",[47],{"id":48,"name":49},"TA0105","Impact",[51,56,60,64,68,72,76,80,84,88,93],{"id":52,"name":53,"tactic":54},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":55},"Detect",{"id":57,"name":58,"tactic":59},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":55},{"id":61,"name":62,"tactic":63},"D3-CSPP","Client-server Payload Profiling",{"name":55},{"id":65,"name":66,"tactic":67},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":55},{"id":69,"name":70,"tactic":71},"D3-NTSA","Network Traffic Signature Analysis",{"name":55},{"id":73,"name":74,"tactic":75},"D3-APCA","Application Protocol Command Analysis",{"name":55},{"id":77,"name":78,"tactic":79},"D3-NTCD","Network Traffic Community Deviation",{"name":55},{"id":81,"name":82,"tactic":83},"D3-RTSD","Remote Terminal Session Detection",{"name":55},{"id":85,"name":86,"tactic":87},"D3-ISVA","Inbound Session Volume Analysis",{"name":55},{"id":89,"name":90,"tactic":91},"D3-NTF","Network Traffic Filtering",{"name":92},"Isolate",{"id":94,"name":95,"tactic":96},"D3-ITF","Inbound Traffic Filtering",{"name":92},{"id":98,"name":99,"tactics":100,"countermeasures":102},"T1499","Endpoint Denial of Service",[101],{"id":48,"name":49},[103,105,107,109,111,113,115,117,119,121,123],{"id":52,"name":53,"tactic":104},{"name":55},{"id":57,"name":58,"tactic":106},{"name":55},{"id":61,"name":62,"tactic":108},{"name":55},{"id":65,"name":66,"tactic":110},{"name":55},{"id":69,"name":70,"tactic":112},{"name":55},{"id":73,"name":74,"tactic":114},{"name":55},{"id":77,"name":78,"tactic":116},{"name":55},{"id":81,"name":82,"tactic":118},{"name":55},{"id":85,"name":86,"tactic":120},{"name":55},{"id":89,"name":90,"tactic":122},{"name":92},{"id":94,"name":95,"tactic":124},{"name":92},{"id":126,"name":127,"techniques":128},"CAPEC-130","Excessive Allocation",[129],{"id":130,"name":131,"tactics":132,"countermeasures":134},"T1499.003","Application Exhaustion Flood",[133],{"id":48,"name":49},[],{"id":136,"name":137,"techniques":138},"CAPEC-147","XML Ping of the Death",[],{"id":140,"name":141,"techniques":142},"CAPEC-197","Exponential Data Expansion",[],{"id":144,"name":145,"techniques":146},"CAPEC-229","Serialized Data Parameter Blowup",[],{"id":148,"name":149,"techniques":150},"CAPEC-230","Serialized Data with Nested Payloads",[],{"id":152,"name":153,"techniques":154},"CAPEC-231","Oversized Serialized Data Payloads",[],{"id":156,"name":157,"techniques":158},"CAPEC-469","HTTP DoS",[159],{"id":160,"name":161,"tactics":162,"countermeasures":164},"T1499.002","Service Exhaustion Flood",[163],{"id":48,"name":49},[165,167,169,171,173,175,177,179,181,183,185],{"id":52,"name":53,"tactic":166},{"name":55},{"id":57,"name":58,"tactic":168},{"name":55},{"id":61,"name":62,"tactic":170},{"name":55},{"id":65,"name":66,"tactic":172},{"name":55},{"id":69,"name":70,"tactic":174},{"name":55},{"id":73,"name":74,"tactic":176},{"name":55},{"id":77,"name":78,"tactic":178},{"name":55},{"id":81,"name":82,"tactic":180},{"name":55},{"id":85,"name":86,"tactic":182},{"name":55},{"id":89,"name":90,"tactic":184},{"name":92},{"id":94,"name":95,"tactic":186},{"name":92},{"id":188,"name":189,"techniques":190},"CAPEC-482","TCP Flood",[191,217,223],{"id":44,"name":45,"tactics":192,"countermeasures":194},[193],{"id":48,"name":49},[195,197,199,201,203,205,207,209,211,213,215],{"id":52,"name":53,"tactic":196},{"name":55},{"id":57,"name":58,"tactic":198},{"name":55},{"id":61,"name":62,"tactic":200},{"name":55},{"id":65,"name":66,"tactic":202},{"name":55},{"id":69,"name":70,"tactic":204},{"name":55},{"id":73,"name":74,"tactic":206},{"name":55},{"id":77,"name":78,"tactic":208},{"name":55},{"id":81,"name":82,"tactic":210},{"name":55},{"id":85,"name":86,"tactic":212},{"name":55},{"id":89,"name":90,"tactic":214},{"name":92},{"id":94,"name":95,"tactic":216},{"name":92},{"id":218,"name":219,"tactics":220,"countermeasures":222},"T1499.001","OS Exhaustion Flood",[221],{"id":48,"name":49},[],{"id":160,"name":161,"tactics":224,"countermeasures":226},[225],{"id":48,"name":49},[227,229,231,233,235,237,239,241,243,245,247],{"id":52,"name":53,"tactic":228},{"name":55},{"id":57,"name":58,"tactic":230},{"name":55},{"id":61,"name":62,"tactic":232},{"name":55},{"id":65,"name":66,"tactic":234},{"name":55},{"id":69,"name":70,"tactic":236},{"name":55},{"id":73,"name":74,"tactic":238},{"name":55},{"id":77,"name":78,"tactic":240},{"name":55},{"id":81,"name":82,"tactic":242},{"name":55},{"id":85,"name":86,"tactic":244},{"name":55},{"id":89,"name":90,"tactic":246},{"name":92},{"id":94,"name":95,"tactic":248},{"name":92},{"id":250,"name":251,"techniques":252},"CAPEC-486","UDP Flood",[],{"id":254,"name":255,"techniques":256},"CAPEC-487","ICMP Flood",[],{"id":258,"name":259,"techniques":260},"CAPEC-488","HTTP Flood",[261],{"id":160,"name":161,"tactics":262,"countermeasures":264},[263],{"id":48,"name":49},[265,267,269,271,273,275,277,279,281,283,285],{"id":52,"name":53,"tactic":266},{"name":55},{"id":57,"name":58,"tactic":268},{"name":55},{"id":61,"name":62,"tactic":270},{"name":55},{"id":65,"name":66,"tactic":272},{"name":55},{"id":69,"name":70,"tactic":274},{"name":55},{"id":73,"name":74,"tactic":276},{"name":55},{"id":77,"name":78,"tactic":278},{"name":55},{"id":81,"name":82,"tactic":280},{"name":55},{"id":85,"name":86,"tactic":282},{"name":55},{"id":89,"name":90,"tactic":284},{"name":92},{"id":94,"name":95,"tactic":286},{"name":92},{"id":288,"name":289,"techniques":290},"CAPEC-489","SSL Flood",[291],{"id":160,"name":161,"tactics":292,"countermeasures":294},[293],{"id":48,"name":49},[295,297,299,301,303,305,307,309,311,313,315],{"id":52,"name":53,"tactic":296},{"name":55},{"id":57,"name":58,"tactic":298},{"name":55},{"id":61,"name":62,"tactic":300},{"name":55},{"id":65,"name":66,"tactic":302},{"name":55},{"id":69,"name":70,"tactic":304},{"name":55},{"id":73,"name":74,"tactic":306},{"name":55},{"id":77,"name":78,"tactic":308},{"name":55},{"id":81,"name":82,"tactic":310},{"name":55},{"id":85,"name":86,"tactic":312},{"name":55},{"id":89,"name":90,"tactic":314},{"name":92},{"id":94,"name":95,"tactic":316},{"name":92},{"id":318,"name":319,"techniques":320},"CAPEC-490","Amplification",[321],{"id":322,"name":323,"tactics":324,"countermeasures":326},"T1498.002","Reflection Amplification",[325],{"id":48,"name":49},[327,329,331,333,335,337,339,341,343,345,347],{"id":52,"name":53,"tactic":328},{"name":55},{"id":57,"name":58,"tactic":330},{"name":55},{"id":61,"name":62,"tactic":332},{"name":55},{"id":65,"name":66,"tactic":334},{"name":55},{"id":69,"name":70,"tactic":336},{"name":55},{"id":73,"name":74,"tactic":338},{"name":55},{"id":77,"name":78,"tactic":340},{"name":55},{"id":81,"name":82,"tactic":342},{"name":55},{"id":85,"name":86,"tactic":344},{"name":55},{"id":89,"name":90,"tactic":346},{"name":92},{"id":94,"name":95,"tactic":348},{"name":92},{"id":350,"name":351,"techniques":352},"CAPEC-491","Quadratic Data Expansion",[],{"id":354,"name":355,"techniques":356},"CAPEC-493","SOAP Array Blowup",[],{"id":358,"name":359,"techniques":360},"CAPEC-494","TCP Fragmentation",[],{"id":362,"name":363,"techniques":364},"CAPEC-495","UDP Fragmentation",[],{"id":366,"name":367,"techniques":368},"CAPEC-496","ICMP Fragmentation",[],{"id":370,"name":371,"techniques":372},"CAPEC-528","XML Flood",[373,399],{"id":160,"name":161,"tactics":374,"countermeasures":376},[375],{"id":48,"name":49},[377,379,381,383,385,387,389,391,393,395,397],{"id":52,"name":53,"tactic":378},{"name":55},{"id":57,"name":58,"tactic":380},{"name":55},{"id":61,"name":62,"tactic":382},{"name":55},{"id":65,"name":66,"tactic":384},{"name":55},{"id":69,"name":70,"tactic":386},{"name":55},{"id":73,"name":74,"tactic":388},{"name":55},{"id":77,"name":78,"tactic":390},{"name":55},{"id":81,"name":82,"tactic":392},{"name":55},{"id":85,"name":86,"tactic":394},{"name":55},{"id":89,"name":90,"tactic":396},{"name":92},{"id":94,"name":95,"tactic":398},{"name":92},{"id":44,"name":45,"tactics":400,"countermeasures":402},[401],{"id":48,"name":49},[403,405,407,409,411,413,415,417,419,421,423],{"id":52,"name":53,"tactic":404},{"name":55},{"id":57,"name":58,"tactic":406},{"name":55},{"id":61,"name":62,"tactic":408},{"name":55},{"id":65,"name":66,"tactic":410},{"name":55},{"id":69,"name":70,"tactic":412},{"name":55},{"id":73,"name":74,"tactic":414},{"name":55},{"id":77,"name":78,"tactic":416},{"name":55},{"id":81,"name":82,"tactic":418},{"name":55},{"id":85,"name":86,"tactic":420},{"name":55},{"id":89,"name":90,"tactic":422},{"name":92},{"id":94,"name":95,"tactic":424},{"name":92},[426],{"_key":427,"name":428,"source":429,"url":430,"maturity":431,"reliability_score":432,"verified":433,"type":9,"platforms":434,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_CC5F179E300954F4","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/319593","unknown",0.2,false,[],[436],"GHSA-2m39-62fm-q8r3",[],[439,441,443],{"_key":440},"UBUNTU-CVE-2018-3737",{"_key":442},"RHSA-2020:2625",{"_key":444},"DEBIAN-CVE-2018-3737",[],[],"2018-06-07T02:00:00.000Z","2024-09-17T03:42:53.453Z","Modified",{"cisa_kev":433,"cisa_ransomware":433,"cisa_vendor":9,"epss_severity":451,"epss_score":452,"severity":453,"severity_score":454,"severity_version":455,"severity_source":456,"severity_vector":457,"severity_status":449},"low",0.00423,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[459,468,473,477,481,485],{"url":430,"sources":460,"tags":463},[461,456,462],"cve.org","osv_npm",[464,465,466,467],"X Refsource MISC","Exploit","Third Party Advisory","WEB",{"url":469,"sources":470,"tags":471},"https://nvd.nist.gov/vuln/detail/CVE-2018-3737",[462],[472],"Advisory",{"url":474,"sources":475,"tags":476},"https://github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957",[462],[467],{"url":478,"sources":479,"tags":480},"https://github.com/advisories/GHSA-2m39-62fm-q8r3",[462],[472],{"url":482,"sources":483,"tags":484},"https://github.com/joyent/node-sshpk/blob/v1.13.1/lib/formats/ssh.js#L17",[462],[467],{"url":486,"sources":487,"tags":488},"https://www.npmjs.com/advisories/606",[462],[467],[],{"date":491,"score":452,"percentile":492},"2026-06-04",0.62461,[494,498,501,504,507,510,513,516,519,521,524,527,530,533,536,539,542,545,548,551,554,557,560,562,564,567,570,572,575,578,581,584,587,590,593,596,599,602,605,608,611,614,617,620,623,626,629,632,635,638,640,643,646,649,652,655,658,661,664,667,670,673,676,679,682,685,688,691,694,697,700,703,706,709,712,715,718,721,724,726,729,732,736,738,740,742,745,748,750,753],{"date":495,"score":496,"percentile":497},"2025-11-04",0.00562,0.67449,{"date":499,"score":496,"percentile":500},"2025-11-05",0.67431,{"date":502,"score":496,"percentile":503},"2025-11-06",0.67433,{"date":505,"score":496,"percentile":506},"2025-11-07",0.67445,{"date":508,"score":496,"percentile":509},"2025-11-08",0.67444,{"date":511,"score":496,"percentile":512},"2025-11-09",0.67436,{"date":514,"score":496,"percentile":515},"2025-11-10",0.67425,{"date":517,"score":496,"percentile":518},"2025-11-11",0.6743,{"date":520,"score":496,"percentile":497},"2025-11-12",{"date":522,"score":496,"percentile":523},"2025-11-13",0.67459,{"date":525,"score":496,"percentile":526},"2025-11-14",0.67467,{"date":528,"score":496,"percentile":529},"2025-11-15",0.67464,{"date":531,"score":496,"percentile":532},"2025-11-16",0.67458,{"date":534,"score":496,"percentile":535},"2025-11-17",0.67453,{"date":537,"score":452,"percentile":538},"2025-11-18",0.59392,{"date":540,"score":452,"percentile":541},"2025-11-19",0.59404,{"date":543,"score":452,"percentile":544},"2025-11-20",0.59394,{"date":546,"score":496,"percentile":547},"2025-11-21",0.67469,{"date":549,"score":496,"percentile":550},"2025-11-22",0.67472,{"date":552,"score":496,"percentile":553},"2025-11-23",0.67462,{"date":555,"score":496,"percentile":556},"2025-11-24",0.67451,{"date":558,"score":496,"percentile":559},"2025-11-25",0.6746,{"date":561,"score":496,"percentile":526},"2025-11-26",{"date":563,"score":496,"percentile":547},"2025-11-27",{"date":565,"score":496,"percentile":566},"2025-11-28",0.67455,{"date":568,"score":496,"percentile":569},"2025-11-29",0.67437,{"date":571,"score":496,"percentile":503},"2025-11-30",{"date":573,"score":496,"percentile":574},"2025-12-01",0.67589,{"date":576,"score":496,"percentile":577},"2025-12-02",0.67597,{"date":579,"score":496,"percentile":580},"2025-12-03",0.67595,{"date":582,"score":496,"percentile":583},"2025-12-04",0.67426,{"date":585,"score":496,"percentile":586},"2025-12-05",0.67439,{"date":588,"score":496,"percentile":589},"2025-12-06",0.67443,{"date":591,"score":496,"percentile":592},"2025-12-07",0.67438,{"date":594,"score":496,"percentile":595},"2025-12-08",0.67441,{"date":597,"score":496,"percentile":598},"2025-12-09",0.67473,{"date":600,"score":496,"percentile":601},"2025-12-10",0.67519,{"date":603,"score":496,"percentile":604},"2025-12-11",0.67538,{"date":606,"score":496,"percentile":607},"2025-12-12",0.67564,{"date":609,"score":496,"percentile":610},"2025-12-13",0.67571,{"date":612,"score":496,"percentile":613},"2025-12-14",0.67574,{"date":615,"score":496,"percentile":616},"2025-12-15",0.67572,{"date":618,"score":496,"percentile":619},"2025-12-16",0.67575,{"date":621,"score":496,"percentile":622},"2025-12-17",0.67586,{"date":624,"score":496,"percentile":625},"2025-12-18",0.67623,{"date":627,"score":496,"percentile":628},"2025-12-19",0.67643,{"date":630,"score":496,"percentile":631},"2025-12-20",0.67641,{"date":633,"score":496,"percentile":634},"2025-12-21",0.67627,{"date":636,"score":496,"percentile":637},"2025-12-22",0.6763,{"date":639,"score":496,"percentile":634},"2025-12-23",{"date":641,"score":496,"percentile":642},"2025-12-24",0.67635,{"date":644,"score":496,"percentile":645},"2025-12-25",0.67667,{"date":647,"score":496,"percentile":648},"2025-12-26",0.67668,{"date":650,"score":496,"percentile":651},"2025-12-27",0.67726,{"date":653,"score":496,"percentile":654},"2025-12-28",0.67639,{"date":656,"score":496,"percentile":657},"2025-12-29",0.67631,{"date":659,"score":496,"percentile":660},"2025-12-30",0.67644,{"date":662,"score":496,"percentile":663},"2025-12-31",0.67663,{"date":665,"score":496,"percentile":666},"2026-01-01",0.67838,{"date":668,"score":496,"percentile":669},"2026-01-02",0.67825,{"date":671,"score":496,"percentile":672},"2026-01-03",0.67826,{"date":674,"score":496,"percentile":675},"2026-01-04",0.6766,{"date":677,"score":496,"percentile":678},"2026-01-05",0.67649,{"date":680,"score":496,"percentile":681},"2026-01-06",0.67659,{"date":683,"score":496,"percentile":684},"2026-01-07",0.67678,{"date":686,"score":496,"percentile":687},"2026-01-08",0.67694,{"date":689,"score":496,"percentile":690},"2026-01-09",0.67704,{"date":692,"score":496,"percentile":693},"2026-01-10",0.67706,{"date":695,"score":496,"percentile":696},"2026-01-11",0.67698,{"date":698,"score":496,"percentile":699},"2026-01-12",0.67686,{"date":701,"score":496,"percentile":702},"2026-01-13",0.67681,{"date":704,"score":496,"percentile":705},"2026-01-14",0.67719,{"date":707,"score":496,"percentile":708},"2026-01-15",0.67724,{"date":710,"score":496,"percentile":711},"2026-01-16",0.67741,{"date":713,"score":496,"percentile":714},"2026-01-17",0.67728,{"date":716,"score":496,"percentile":717},"2026-01-18",0.67717,{"date":719,"score":496,"percentile":720},"2026-01-19",0.677,{"date":722,"score":496,"percentile":723},"2026-01-20",0.6771,{"date":725,"score":496,"percentile":705},"2026-01-21",{"date":727,"score":496,"percentile":728},"2026-01-22",0.6773,{"date":730,"score":496,"percentile":731},"2026-01-23",0.6776,{"date":733,"score":734,"percentile":735},"2026-01-24",0.00559,0.67675,{"date":737,"score":734,"percentile":660},"2026-01-25",{"date":739,"score":734,"percentile":642},"2026-01-26",{"date":741,"score":734,"percentile":660},"2026-01-27",{"date":743,"score":734,"percentile":744},"2026-01-28",0.67655,{"date":746,"score":734,"percentile":747},"2026-01-29",0.67651,{"date":749,"score":734,"percentile":681},"2026-01-30",{"date":751,"score":452,"percentile":752},"2026-01-31",0.61624,{"date":754,"score":452,"percentile":755},"2026-02-01",0.6176,[757,766],{"source":456,"cvss_v2_0":758,"cvss_v3_0":9,"cvss_v3_1":763,"cvss_v4_0":9},{"baseScore":759,"baseSeverity":9,"vectorString":760,"impactScore":761,"exploitabilityScore":762},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":454,"baseSeverity":764,"vectorString":457,"impactScore":765,"exploitabilityScore":762},"HIGH",6,{"source":462,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":767,"cvss_v4_0":9},{"baseScore":454,"baseSeverity":9,"vectorString":457,"impactScore":765,"exploitabilityScore":762},[769,777,786],{"ecosystem":9,"name":770,"vendor":771,"product":770,"cpe_part":772,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":773},"sshpk node module","hackerone","a",[774],{"version":775,"is_range":433,"range_type":461,"version_start":775,"version_start_type":776,"version_end":775,"version_end_type":776,"fixed_in":9},"Versions up to and including 1.13.1","including",{"ecosystem":9,"name":778,"vendor":779,"product":778,"cpe_part":772,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":780},"sshpk","joyent",[781],{"version":782,"is_range":783,"range_type":784,"version_start":9,"version_start_type":9,"version_end":785,"version_end_type":776,"fixed_in":9},"lte1.13.1",true,"cpe","1.13.1",{"ecosystem":787,"name":778,"vendor":787,"product":778,"cpe_part":9,"purl_type":788,"purl_namespace":9,"purl_name":778,"source":9,"versions":789},"Npm","npm",[790],{"version":791,"is_range":783,"range_type":792,"version_start":9,"version_start_type":9,"version_end":793,"version_end_type":794,"fixed_in":9},"lt1_13_2","semver","1.13.2","excluding"]