[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-7187":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":50,"duplicate_of":9,"upstream":52,"downstream":53,"duplicates":72,"related":73,"reserved_at":9,"published_at":79,"modified_at":80,"state":81,"summary":82,"references_raw":90,"kevs":146,"epss":147,"epss_history":150,"metrics":402,"affected":413},"CVE-2018-7187","The \"go get\" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for \"://\" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_GOLANG_GO","Go","github","https://github.com/golang/go/issues/27016","poc",0.3,false,[],[51],"GO-2022-0203",[],[54,56,58,60,62,64,66,68,70],{"_key":55},"UBUNTU-CVE-2018-7187",{"_key":57},"OPENSUSE-SU-2024:10802-1",{"_key":59},"SUSE-SU-2018:4297-1",{"_key":61},"OPENSUSE-SU-2018:4302-1",{"_key":63},"OPENSUSE-SU-2024:10812-1",{"_key":65},"DLA-1294-1",{"_key":67},"DSA-4379-1",{"_key":69},"DSA-4380-1",{"_key":71},"MGASA-2018-0238",[],[74,75,76,77,78],{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":71},"2018-02-16T17:00:00.000Z","2024-08-05T06:24:10.498Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":83,"epss_score":84,"severity":85,"severity_score":86,"severity_version":87,"severity_source":88,"severity_vector":89,"severity_status":81},"low",0.07587,"high",9.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:C/I:C/A:C",[91,99,105,110,114,121,126,132,136,141],{"url":92,"sources":93,"tags":95},"https://lists.debian.org/debian-lts-announce/2018/02/msg00029.html",[94,88],"cve.org",[96,97,98],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":100,"sources":101,"tags":102},"https://www.debian.org/security/2019/dsa-4380",[94,88],[103,104,98],"Vendor Advisory","X Refsource DEBIAN",{"url":106,"sources":107,"tags":108},"https://security.gentoo.org/glsa/201804-12",[94,88],[103,109,98],"X Refsource GENTOO",{"url":111,"sources":112,"tags":113},"https://www.debian.org/security/2019/dsa-4379",[94,88],[103,104,98],{"url":115,"sources":116,"tags":117},"https://github.com/golang/go/issues/23867",[94,88],[118,119,120,98],"X Refsource CONFIRM","Exploit","Issue Tracking",{"url":122,"sources":123,"tags":124},"https://gist.github.com/SLAYEROWNER/b2a358f13ab267f2e9543bb9f9320ffc",[94,88],[125,98],"X Refsource MISC",{"url":127,"sources":128,"tags":130},"https://go.dev/cl/94603",[129],"osv_go",[131],"FIX",{"url":133,"sources":134,"tags":135},"https://go.googlesource.com/go/+/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc",[129],[131],{"url":137,"sources":138,"tags":139},"https://go.dev/issue/23867",[129],[140],"REPORT",{"url":142,"sources":143,"tags":144},"https://groups.google.com/g/golang-announce/c/IkPkOF8JqLs/m/TFBbWHJYAwAJ",[129],[145],"WEB",[],{"date":148,"score":84,"percentile":149},"2026-06-04",0.9199,[151,155,158,161,164,167,169,172,174,177,180,183,185,187,190,194,197,200,203,206,208,211,214,217,220,223,226,228,231,234,237,239,241,243,246,249,252,255,258,260,263,265,267,270,273,276,279,282,285,288,290,292,295,298,301,304,306,308,311,314,317,320,322,325,328,330,333,336,339,342,344,347,350,353,356,359,362,365,368,371,374,377,380,383,386,389,392,394,396,399],{"date":152,"score":153,"percentile":154},"2025-11-04",0.15136,0.94292,{"date":156,"score":153,"percentile":157},"2025-11-05",0.94291,{"date":159,"score":153,"percentile":160},"2025-11-06",0.94293,{"date":162,"score":153,"percentile":163},"2025-11-07",0.94295,{"date":165,"score":153,"percentile":166},"2025-11-08",0.94297,{"date":168,"score":153,"percentile":163},"2025-11-09",{"date":170,"score":153,"percentile":171},"2025-11-10",0.94296,{"date":173,"score":153,"percentile":166},"2025-11-11",{"date":175,"score":153,"percentile":176},"2025-11-12",0.94303,{"date":178,"score":153,"percentile":179},"2025-11-13",0.94305,{"date":181,"score":153,"percentile":182},"2025-11-14",0.94307,{"date":184,"score":153,"percentile":176},"2025-11-15",{"date":186,"score":153,"percentile":182},"2025-11-16",{"date":188,"score":153,"percentile":189},"2025-11-17",0.94306,{"date":191,"score":192,"percentile":193},"2025-11-18",0.09583,0.92044,{"date":195,"score":192,"percentile":196},"2025-11-19",0.92047,{"date":198,"score":192,"percentile":199},"2025-11-20",0.92052,{"date":201,"score":153,"percentile":202},"2025-11-21",0.94313,{"date":204,"score":153,"percentile":205},"2025-11-22",0.94311,{"date":207,"score":153,"percentile":202},"2025-11-23",{"date":209,"score":153,"percentile":210},"2025-11-24",0.94315,{"date":212,"score":153,"percentile":213},"2025-11-25",0.94317,{"date":215,"score":153,"percentile":216},"2025-11-26",0.94319,{"date":218,"score":153,"percentile":219},"2025-11-27",0.94321,{"date":221,"score":153,"percentile":222},"2025-11-28",0.94318,{"date":224,"score":153,"percentile":225},"2025-11-29",0.9432,{"date":227,"score":153,"percentile":219},"2025-11-30",{"date":229,"score":153,"percentile":230},"2025-12-01",0.94363,{"date":232,"score":153,"percentile":233},"2025-12-02",0.94364,{"date":235,"score":153,"percentile":236},"2025-12-03",0.94365,{"date":238,"score":153,"percentile":222},"2025-12-04",{"date":240,"score":153,"percentile":219},"2025-12-05",{"date":242,"score":153,"percentile":225},"2025-12-06",{"date":244,"score":153,"percentile":245},"2025-12-07",0.94326,{"date":247,"score":153,"percentile":248},"2025-12-08",0.94327,{"date":250,"score":153,"percentile":251},"2025-12-09",0.94332,{"date":253,"score":153,"percentile":254},"2025-12-10",0.9434,{"date":256,"score":153,"percentile":257},"2025-12-11",0.94344,{"date":259,"score":153,"percentile":257},"2025-12-12",{"date":261,"score":153,"percentile":262},"2025-12-13",0.94342,{"date":264,"score":153,"percentile":254},"2025-12-14",{"date":266,"score":153,"percentile":257},"2025-12-15",{"date":268,"score":153,"percentile":269},"2025-12-16",0.94347,{"date":271,"score":153,"percentile":272},"2025-12-17",0.94349,{"date":274,"score":153,"percentile":275},"2025-12-18",0.94353,{"date":277,"score":153,"percentile":278},"2025-12-19",0.94354,{"date":280,"score":153,"percentile":281},"2025-12-20",0.94355,{"date":283,"score":153,"percentile":284},"2025-12-21",0.9436,{"date":286,"score":153,"percentile":287},"2025-12-22",0.94361,{"date":289,"score":153,"percentile":287},"2025-12-23",{"date":291,"score":153,"percentile":236},"2025-12-24",{"date":293,"score":153,"percentile":294},"2025-12-25",0.94372,{"date":296,"score":153,"percentile":297},"2025-12-26",0.9437,{"date":299,"score":153,"percentile":300},"2025-12-27",0.94401,{"date":302,"score":153,"percentile":303},"2025-12-28",0.94369,{"date":305,"score":153,"percentile":303},"2025-12-29",{"date":307,"score":153,"percentile":297},"2025-12-30",{"date":309,"score":153,"percentile":310},"2025-12-31",0.94375,{"date":312,"score":153,"percentile":313},"2026-01-01",0.94418,{"date":315,"score":153,"percentile":316},"2026-01-02",0.94412,{"date":318,"score":153,"percentile":319},"2026-01-03",0.94409,{"date":321,"score":153,"percentile":297},"2026-01-04",{"date":323,"score":153,"percentile":324},"2026-01-05",0.94366,{"date":326,"score":153,"percentile":327},"2026-01-06",0.94367,{"date":329,"score":153,"percentile":327},"2026-01-07",{"date":331,"score":153,"percentile":332},"2026-01-08",0.94371,{"date":334,"score":153,"percentile":335},"2026-01-09",0.94373,{"date":337,"score":84,"percentile":338},"2026-01-10",0.91562,{"date":340,"score":84,"percentile":341},"2026-01-11",0.91555,{"date":343,"score":84,"percentile":341},"2026-01-12",{"date":345,"score":84,"percentile":346},"2026-01-13",0.91554,{"date":348,"score":84,"percentile":349},"2026-01-14",0.91567,{"date":351,"score":84,"percentile":352},"2026-01-15",0.91569,{"date":354,"score":84,"percentile":355},"2026-01-16",0.91573,{"date":357,"score":84,"percentile":358},"2026-01-17",0.91577,{"date":360,"score":84,"percentile":361},"2026-01-18",0.91576,{"date":363,"score":84,"percentile":364},"2026-01-19",0.91579,{"date":366,"score":84,"percentile":367},"2026-01-20",0.91582,{"date":369,"score":84,"percentile":370},"2026-01-21",0.91587,{"date":372,"score":84,"percentile":373},"2026-01-22",0.91591,{"date":375,"score":84,"percentile":376},"2026-01-23",0.91599,{"date":378,"score":84,"percentile":379},"2026-01-24",0.91606,{"date":381,"score":84,"percentile":382},"2026-01-25",0.91604,{"date":384,"score":84,"percentile":385},"2026-01-26",0.91607,{"date":387,"score":84,"percentile":388},"2026-01-27",0.9161,{"date":390,"score":84,"percentile":391},"2026-01-28",0.91615,{"date":393,"score":84,"percentile":391},"2026-01-29",{"date":395,"score":84,"percentile":391},"2026-01-30",{"date":397,"score":84,"percentile":398},"2026-01-31",0.91614,{"date":400,"score":84,"percentile":401},"2026-02-01",0.9166,[403],{"source":88,"cvss_v2_0":404,"cvss_v3_0":9,"cvss_v3_1":407,"cvss_v4_0":9},{"baseScore":86,"baseSeverity":9,"vectorString":89,"impactScore":405,"exploitabilityScore":406},10,8.6,{"baseScore":408,"baseSeverity":409,"vectorString":410,"impactScore":411,"exploitabilityScore":412},8.8,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",9.8,7.2,[414,425,440],{"ecosystem":9,"name":415,"vendor":416,"product":417,"cpe_part":418,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":419},"debian linux","debian","debian_linux","o",[420,423],{"version":421,"is_range":48,"range_type":422,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0","cpe",{"version":424,"is_range":48,"range_type":422,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":426,"vendor":427,"product":426,"cpe_part":428,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":429},"go","golang","a",[430,435],{"version":431,"is_range":432,"range_type":422,"version_start":9,"version_start_type":9,"version_end":433,"version_end_type":434,"fixed_in":9},"lt1.9.5",true,"1.9.5","excluding",{"version":436,"is_range":432,"range_type":422,"version_start":437,"version_start_type":438,"version_end":439,"version_end_type":434,"fixed_in":9},"gte1.10_lt1.10.1","1.10","including","1.10.1",{"ecosystem":43,"name":441,"vendor":43,"product":441,"cpe_part":9,"purl_type":427,"purl_namespace":9,"purl_name":441,"source":9,"versions":442},"toolchain",[443],{"version":444,"is_range":432,"range_type":445,"version_start":446,"version_start_type":438,"version_end":439,"version_end_type":434,"fixed_in":9},"gte1_10_0_0_lt1_10_1","semver","1.10.0-0"]