[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-16935":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":62,"duplicate_of":9,"upstream":63,"downstream":64,"duplicates":127,"related":128,"reserved_at":9,"published_at":147,"modified_at":148,"state":149,"summary":150,"references_raw":158,"kevs":260,"epss":261,"epss_history":264,"metrics":531,"affected":542},"CVE-2019-16935","The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45,54],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PYTHON_CPYTHON","Cpython","github","https://github.com/python/cpython/pull/16373","poc",0.3,false,[],{"_key":55,"name":56,"source":57,"url":58,"maturity":59,"reliability_score":60,"verified":52,"type":9,"platforms":61,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_19C1840594C14A39","Exploit Reference (bugs.python.org)","reference","https://bugs.python.org/issue38243","unknown",0.2,[],[],[],[65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125],{"_key":66},"ALPINE-CVE-2019-16935",{"_key":68},"SUSE-SU-2019:2748-1",{"_key":70},"SUSE-SU-2020:0234-1",{"_key":72},"RHSA-2020:3911",{"_key":74},"OPENSUSE-SU-2024:11202-1",{"_key":76},"SUSE-SU-2019:2743-1",{"_key":78},"SUSE-SU-2019:2748-2",{"_key":80},"SUSE-SU-2019:2802-1",{"_key":82},"SUSE-SU-2020:0114-1",{"_key":84},"SUSE-SU-2020:2699-1",{"_key":86},"SUSE-SU-2020:3930-1",{"_key":88},"OPENSUSE-SU-2019:2389-1",{"_key":90},"OPENSUSE-SU-2019:2393-1",{"_key":92},"OPENSUSE-SU-2019:2438-1",{"_key":94},"OPENSUSE-SU-2019:2453-1",{"_key":96},"OPENSUSE-SU-2020:0086-1",{"_key":98},"OPENSUSE-SU-2020:2332-1",{"_key":100},"OPENSUSE-SU-2020:2333-1",{"_key":102},"OPENSUSE-SU-2024:11284-1",{"_key":104},"RHSA-2020:3888",{"_key":106},"DLA-2280-1",{"_key":108},"DLA-2628-1",{"_key":110},"RHSA-2020:4285",{"_key":112},"RHSA-2020:4433",{"_key":114},"RHSA-2020:1605",{"_key":116},"MGASA-2019-0318",{"_key":118},"UBUNTU-CVE-2019-16935",{"_key":120},"USN-4151-1",{"_key":122},"USN-4151-2",{"_key":124},"DEBIAN-CVE-2019-16935",{"_key":126},"USN-6891-1",[],[129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146],{"_key":68},{"_key":70},{"_key":74},{"_key":116},{"_key":76},{"_key":78},{"_key":80},{"_key":82},{"_key":84},{"_key":86},{"_key":88},{"_key":90},{"_key":92},{"_key":94},{"_key":96},{"_key":98},{"_key":100},{"_key":102},"2019-09-28T01:33:02.000Z","2024-08-05T01:24:48.547Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":151,"epss_score":152,"severity":153,"severity_score":154,"severity_version":155,"severity_source":156,"severity_vector":157,"severity_status":149},"low",0.02456,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[159,167,171,177,181,185,189,194,198,202,206,210,214,218,222,226,231,235,238,242,246,251,256],{"url":160,"sources":161,"tags":163},"https://usn.ubuntu.com/4151-1/",[162,156],"cve.org",[164,165,166],"Vendor Advisory","X Refsource UBUNTU","Third Party Advisory",{"url":168,"sources":169,"tags":170},"https://usn.ubuntu.com/4151-2/",[162,156],[164,165,166],{"url":172,"sources":173,"tags":174},"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html",[162,156],[164,175,176,166],"X Refsource SUSE","Mailing List",{"url":178,"sources":179,"tags":180},"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html",[162,156],[164,175,176,166],{"url":182,"sources":183,"tags":184},"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html",[162,156],[164,175,176,166],{"url":186,"sources":187,"tags":188},"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html",[162,156],[164,175,176,166],{"url":190,"sources":191,"tags":192},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/",[162,156],[164,193],"X Refsource FEDORA",{"url":195,"sources":196,"tags":197},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/",[162,156],[164,193],{"url":199,"sources":200,"tags":201},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/",[162,156],[164,193],{"url":203,"sources":204,"tags":205},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/",[162,156],[164,193],{"url":207,"sources":208,"tags":209},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/",[162,156],[164,193],{"url":211,"sources":212,"tags":213},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/",[162,156],[164,193],{"url":215,"sources":216,"tags":217},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/",[162,156],[164,193],{"url":219,"sources":220,"tags":221},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/",[162,156],[164,193],{"url":223,"sources":224,"tags":225},"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html",[162,156],[164,175,176,166],{"url":227,"sources":228,"tags":229},"https://www.oracle.com/security-alerts/cpujul2020.html",[162,156],[230,166],"X Refsource MISC",{"url":58,"sources":232,"tags":233},[162,156],[230,234,164],"Exploit",{"url":49,"sources":236,"tags":237},[162,156],[230,234,166],{"url":239,"sources":240,"tags":241},"https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213",[162,156],[230,166],{"url":243,"sources":244,"tags":245},"https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897",[162,156],[230,166],{"url":247,"sources":248,"tags":249},"https://security.netapp.com/advisory/ntap-20191017-0004/",[162,156],[250,166],"X Refsource CONFIRM",{"url":252,"sources":253,"tags":254},"https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html",[162,156],[176,255,166],"X Refsource MLIST",{"url":257,"sources":258,"tags":259},"https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html",[162,156],[176,255,166],[],{"date":262,"score":152,"percentile":263},"2026-06-04",0.85499,[265,269,272,275,277,280,283,286,289,292,295,298,301,304,307,311,314,317,320,323,326,329,331,334,337,340,343,346,350,353,356,358,360,363,365,367,370,373,376,379,382,385,388,391,394,398,401,404,407,409,412,416,419,422,426,428,431,434,437,441,444,447,450,453,455,458,461,463,466,469,472,474,477,480,483,486,489,492,495,498,501,504,507,510,513,516,519,522,524,527],{"date":266,"score":267,"percentile":268},"2025-11-04",0.00843,0.74034,{"date":270,"score":267,"percentile":271},"2025-11-05",0.74018,{"date":273,"score":267,"percentile":274},"2025-11-06",0.74016,{"date":276,"score":267,"percentile":268},"2025-11-07",{"date":278,"score":267,"percentile":279},"2025-11-08",0.74032,{"date":281,"score":267,"percentile":282},"2025-11-09",0.74026,{"date":284,"score":267,"percentile":285},"2025-11-10",0.74011,{"date":287,"score":267,"percentile":288},"2025-11-11",0.74014,{"date":290,"score":267,"percentile":291},"2025-11-12",0.74033,{"date":293,"score":267,"percentile":294},"2025-11-13",0.74039,{"date":296,"score":267,"percentile":297},"2025-11-14",0.74045,{"date":299,"score":267,"percentile":300},"2025-11-15",0.74042,{"date":302,"score":267,"percentile":303},"2025-11-16",0.74038,{"date":305,"score":267,"percentile":306},"2025-11-17",0.74029,{"date":308,"score":309,"percentile":310},"2025-11-18",0.01238,0.7746,{"date":312,"score":309,"percentile":313},"2025-11-19",0.77468,{"date":315,"score":309,"percentile":316},"2025-11-20",0.77478,{"date":318,"score":267,"percentile":319},"2025-11-21",0.74043,{"date":321,"score":267,"percentile":322},"2025-11-22",0.74035,{"date":324,"score":267,"percentile":325},"2025-11-23",0.7402,{"date":327,"score":267,"percentile":328},"2025-11-24",0.74017,{"date":330,"score":267,"percentile":328},"2025-11-25",{"date":332,"score":267,"percentile":333},"2025-11-26",0.74021,{"date":335,"score":267,"percentile":336},"2025-11-27",0.74023,{"date":338,"score":267,"percentile":339},"2025-11-28",0.74013,{"date":341,"score":267,"percentile":342},"2025-11-29",0.7401,{"date":344,"score":267,"percentile":345},"2025-11-30",0.74004,{"date":347,"score":348,"percentile":349},"2025-12-01",0.01033,0.768,{"date":351,"score":348,"percentile":352},"2025-12-02",0.76812,{"date":354,"score":348,"percentile":355},"2025-12-03",0.76802,{"date":357,"score":267,"percentile":285},"2025-12-04",{"date":359,"score":267,"percentile":333},"2025-12-05",{"date":361,"score":267,"percentile":362},"2025-12-06",0.74022,{"date":364,"score":267,"percentile":362},"2025-12-07",{"date":366,"score":267,"percentile":282},"2025-12-08",{"date":368,"score":267,"percentile":369},"2025-12-09",0.74056,{"date":371,"score":267,"percentile":372},"2025-12-10",0.74089,{"date":374,"score":267,"percentile":375},"2025-12-11",0.74104,{"date":377,"score":267,"percentile":378},"2025-12-12",0.74128,{"date":380,"score":267,"percentile":381},"2025-12-13",0.74132,{"date":383,"score":267,"percentile":384},"2025-12-14",0.74131,{"date":386,"score":267,"percentile":387},"2025-12-15",0.74135,{"date":389,"score":267,"percentile":390},"2025-12-16",0.74145,{"date":392,"score":267,"percentile":393},"2025-12-17",0.74156,{"date":395,"score":396,"percentile":397},"2025-12-18",0.01766,0.82156,{"date":399,"score":396,"percentile":400},"2025-12-19",0.82162,{"date":402,"score":396,"percentile":403},"2025-12-20",0.82155,{"date":405,"score":396,"percentile":406},"2025-12-21",0.82153,{"date":408,"score":396,"percentile":397},"2025-12-22",{"date":410,"score":396,"percentile":411},"2025-12-23",0.82159,{"date":413,"score":414,"percentile":415},"2025-12-24",0.01719,0.81921,{"date":417,"score":414,"percentile":418},"2025-12-25",0.81936,{"date":420,"score":414,"percentile":421},"2025-12-26",0.81935,{"date":423,"score":424,"percentile":425},"2025-12-27",0.01156,0.7813,{"date":427,"score":414,"percentile":415},"2025-12-28",{"date":429,"score":414,"percentile":430},"2025-12-29",0.81916,{"date":432,"score":414,"percentile":433},"2025-12-30",0.81924,{"date":435,"score":414,"percentile":436},"2025-12-31",0.81938,{"date":438,"score":439,"percentile":440},"2026-01-01",0.02129,0.83778,{"date":442,"score":439,"percentile":443},"2026-01-02",0.83776,{"date":445,"score":439,"percentile":446},"2026-01-03",0.83771,{"date":448,"score":414,"percentile":449},"2026-01-04",0.81915,{"date":451,"score":414,"percentile":452},"2026-01-05",0.81912,{"date":454,"score":414,"percentile":430},"2026-01-06",{"date":456,"score":414,"percentile":457},"2026-01-07",0.81919,{"date":459,"score":414,"percentile":460},"2026-01-08",0.81927,{"date":462,"score":414,"percentile":460},"2026-01-09",{"date":464,"score":414,"percentile":465},"2026-01-10",0.81928,{"date":467,"score":414,"percentile":468},"2026-01-11",0.81923,{"date":470,"score":414,"percentile":471},"2026-01-12",0.81917,{"date":473,"score":414,"percentile":449},"2026-01-13",{"date":475,"score":414,"percentile":476},"2026-01-14",0.81939,{"date":478,"score":414,"percentile":479},"2026-01-15",0.81937,{"date":481,"score":414,"percentile":482},"2026-01-16",0.81947,{"date":484,"score":414,"percentile":485},"2026-01-17",0.81948,{"date":487,"score":414,"percentile":488},"2026-01-18",0.81946,{"date":490,"score":414,"percentile":491},"2026-01-19",0.81941,{"date":493,"score":414,"percentile":494},"2026-01-20",0.81944,{"date":496,"score":414,"percentile":497},"2026-01-21",0.81952,{"date":499,"score":414,"percentile":500},"2026-01-22",0.81959,{"date":502,"score":414,"percentile":503},"2026-01-23",0.81983,{"date":505,"score":414,"percentile":506},"2026-01-24",0.8199,{"date":508,"score":414,"percentile":509},"2026-01-25",0.81981,{"date":511,"score":414,"percentile":512},"2026-01-26",0.8198,{"date":514,"score":414,"percentile":515},"2026-01-27",0.81978,{"date":517,"score":414,"percentile":518},"2026-01-28",0.81977,{"date":520,"score":414,"percentile":521},"2026-01-29",0.81976,{"date":523,"score":414,"percentile":518},"2026-01-30",{"date":525,"score":414,"percentile":526},"2026-01-31",0.81982,{"date":528,"score":529,"percentile":530},"2026-02-01",0.01793,0.82421,[532],{"source":156,"cvss_v2_0":533,"cvss_v3_0":9,"cvss_v3_1":538,"cvss_v4_0":9},{"baseScore":534,"baseSeverity":9,"vectorString":535,"impactScore":536,"exploitabilityScore":537},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":154,"baseSeverity":539,"vectorString":157,"impactScore":540,"exploitabilityScore":541},"MEDIUM",4.5,7.2,[543,560,567],{"ecosystem":9,"name":544,"vendor":545,"product":546,"cpe_part":547,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":548},"ubuntu linux","canonical","ubuntu_linux","o",[549,552,554,556,558],{"version":550,"is_range":52,"range_type":551,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":553,"is_range":52,"range_type":551,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":555,"is_range":52,"range_type":551,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":557,"is_range":52,"range_type":551,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":559,"is_range":52,"range_type":551,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.04",{"ecosystem":9,"name":561,"vendor":562,"product":563,"cpe_part":547,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":564},"debian linux","debian","debian_linux",[565],{"version":566,"is_range":52,"range_type":551,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":568,"vendor":568,"product":568,"cpe_part":569,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":570},"python","a",[571,578,582,586],{"version":572,"is_range":573,"range_type":551,"version_start":574,"version_start_type":575,"version_end":576,"version_end_type":577,"fixed_in":9},"gte2.7.0_lt2.7.17",true,"2.7.0","including","2.7.17","excluding",{"version":579,"is_range":573,"range_type":551,"version_start":580,"version_start_type":575,"version_end":581,"version_end_type":577,"fixed_in":9},"gte3.0.0_lt3.5.8","3.0.0","3.5.8",{"version":583,"is_range":573,"range_type":551,"version_start":584,"version_start_type":575,"version_end":585,"version_end_type":577,"fixed_in":9},"gte3.6.0_lt3.6.10","3.6.0","3.6.10",{"version":587,"is_range":573,"range_type":551,"version_start":588,"version_start_type":575,"version_end":589,"version_end_type":577,"fixed_in":9},"gte3.7.0_lt3.7.5","3.7.0","3.7.5"]