[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-20907":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":21,"downstream":22,"duplicates":117,"related":118,"reserved_at":9,"published_at":146,"modified_at":147,"state":148,"summary":149,"references_raw":158,"kevs":273,"epss":274,"epss_history":277,"metrics":554,"affected":564},"CVE-2019-20907","In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-835","Loop with Unreachable Exit Condition ('Infinite Loop')","The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.","weakness","Incomplete","Base",[],[],[],[],[23,25,27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115],{"_key":24},"ALPINE-CVE-2019-20907",{"_key":26},"SUSE-SU-2020:2216-1",{"_key":28},"SUSE-SU-2020:2275-1",{"_key":30},"SUSE-SU-2020:2276-1",{"_key":32},"SUSE-SU-2020:2277-1",{"_key":34},"SUSE-SU-2020:2699-1",{"_key":36},"SUSE-SU-2020:3563-1",{"_key":38},"SUSE-SU-2020:3930-1",{"_key":40},"OPENSUSE-SU-2020:1254-1",{"_key":42},"OPENSUSE-SU-2020:1257-1",{"_key":44},"OPENSUSE-SU-2020:1258-1",{"_key":46},"OPENSUSE-SU-2020:1265-1",{"_key":48},"OPENSUSE-SU-2020:2332-1",{"_key":50},"OPENSUSE-SU-2020:2333-1",{"_key":52},"OPENSUSE-SU-2024:11283-1",{"_key":54},"OPENSUSE-SU-2024:11284-1",{"_key":56},"OPENSUSE-SU-2024:11285-1",{"_key":58},"OPENSUSE-SU-2024:11286-1",{"_key":60},"OPENSUSE-SU-2024:11551-1",{"_key":62},"OPENSUSE-SU-2024:12089-1",{"_key":64},"OPENSUSE-SU-2024:12910-1",{"_key":66},"OPENSUSE-SU-2024:14109-1",{"_key":68},"OPENSUSE-SU-2024:14434-1",{"_key":70},"DLA-2337-1",{"_key":72},"DLA-2456-1",{"_key":74},"DLA-3432-1",{"_key":76},"RHSA-2020:4273",{"_key":78},"RHSA-2020:4285",{"_key":80},"RHSA-2020:4433",{"_key":82},"RHSA-2020:4641",{"_key":84},"RHSA-2020:4654",{"_key":86},"RHSA-2020:5009",{"_key":88},"RHSA-2020:5010",{"_key":90},"RHSA-2021:0528",{"_key":92},"RHSA-2021:0761",{"_key":94},"RHSA-2021:0881",{"_key":96},"SUSE-SU-2025:20025-1",{"_key":98},"SUSE-SU-2025:20154-1",{"_key":100},"SUSE-SU-2025:20492-1",{"_key":102},"OPENSUSE-SU-2025:15713-1",{"_key":104},"RHSA-2020:4299",{"_key":106},"MGASA-2020-0451",{"_key":108},"UBUNTU-CVE-2019-20907",{"_key":110},"USN-4428-1",{"_key":112},"USN-4754-3",{"_key":114},"DEBIAN-CVE-2019-20907",{"_key":116},"USN-6891-1",[],[119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145],{"_key":26},{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":96},{"_key":98},{"_key":100},{"_key":102},{"_key":106},"2020-07-13T00:00:00.000Z","2024-08-05T02:53:09.456Z","Modified",{"cisa_kev":150,"cisa_ransomware":150,"cisa_vendor":9,"epss_severity":151,"epss_score":152,"severity":153,"severity_score":154,"severity_version":155,"severity_source":156,"severity_vector":157,"severity_status":148},false,"low",0.00323,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[159,165,169,174,178,182,186,190,194,198,202,206,210,214,218,222,227,231,235,239,243,247,251,256,261,265,269],{"url":160,"sources":161,"tags":163},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/",[162,156],"cve.org",[164],"Vendor Advisory",{"url":166,"sources":167,"tags":168},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAXHCY4V3LPAAJOBCJ26ISZ4NUXQXTUZ/",[162,156],[164],{"url":170,"sources":171,"tags":172},"https://usn.ubuntu.com/4428-1/",[162,156],[164,173],"Third Party Advisory",{"url":175,"sources":176,"tags":177},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/",[162,156],[164],{"url":179,"sources":180,"tags":181},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSL3XWVDMSMKO23HR74AJQ6VEM3C2NTS/",[162,156],[164],{"url":183,"sources":184,"tags":185},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/",[162,156],[164],{"url":187,"sources":188,"tags":189},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOGKLGTXZLHQQFBVCAPSUDA6DOOJFNRY/",[162,156],[164],{"url":191,"sources":192,"tags":193},"https://security.gentoo.org/glsa/202008-01",[162,156],[164,173],{"url":195,"sources":196,"tags":197},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDKKRXLNVXRF6VGERZSR3OMQR5D5QI6I/",[162,156],[164],{"url":199,"sources":200,"tags":201},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/",[162,156],[164],{"url":203,"sources":204,"tags":205},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/",[162,156],[164],{"url":207,"sources":208,"tags":209},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/",[162,156],[164],{"url":211,"sources":212,"tags":213},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/",[162,156],[164],{"url":215,"sources":216,"tags":217},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/",[162,156],[164],{"url":219,"sources":220,"tags":221},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/",[162,156],[164],{"url":223,"sources":224,"tags":225},"https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html",[162,156],[226,173],"Mailing List",{"url":228,"sources":229,"tags":230},"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html",[162,156],[164,226,173],{"url":232,"sources":233,"tags":234},"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00052.html",[162,156],[164,226,173],{"url":236,"sources":237,"tags":238},"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00053.html",[162,156],[164,226,173],{"url":240,"sources":241,"tags":242},"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00056.html",[162,156],[164,226,173],{"url":244,"sources":245,"tags":246},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/",[162,156],[164],{"url":248,"sources":249,"tags":250},"https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html",[162,156],[226,173],{"url":252,"sources":253,"tags":254},"https://www.oracle.com/security-alerts/cpujan2021.html",[162,156],[255,173],"Patch",{"url":257,"sources":258,"tags":259},"https://bugs.python.org/issue39017",[162,156],[260,164],"Issue Tracking",{"url":262,"sources":263,"tags":264},"https://github.com/python/cpython/pull/21454",[162,156],[255,173],{"url":266,"sources":267,"tags":268},"https://security.netapp.com/advisory/ntap-20200731-0002/",[162,156],[173],{"url":270,"sources":271,"tags":272},"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html",[162,156],[226],[],{"date":275,"score":152,"percentile":276},"2026-06-04",0.55643,[278,282,285,288,291,294,297,300,302,305,308,311,314,317,320,324,327,330,334,338,341,344,347,350,353,356,359,362,365,368,370,373,376,379,382,385,388,391,394,397,400,403,406,409,412,416,419,422,426,429,432,435,438,441,445,448,451,454,457,460,463,466,469,472,475,478,481,484,487,490,493,496,499,502,505,508,512,515,518,521,524,527,530,533,536,539,542,545,548,551],{"date":279,"score":280,"percentile":281},"2025-11-04",0.00289,0.5201,{"date":283,"score":280,"percentile":284},"2025-11-05",0.51985,{"date":286,"score":280,"percentile":287},"2025-11-06",0.52003,{"date":289,"score":280,"percentile":290},"2025-11-07",0.52026,{"date":292,"score":280,"percentile":293},"2025-11-08",0.5203,{"date":295,"score":280,"percentile":296},"2025-11-09",0.52024,{"date":298,"score":280,"percentile":299},"2025-11-10",0.51997,{"date":301,"score":280,"percentile":281},"2025-11-11",{"date":303,"score":280,"percentile":304},"2025-11-12",0.52035,{"date":306,"score":280,"percentile":307},"2025-11-13",0.52039,{"date":309,"score":280,"percentile":310},"2025-11-14",0.52043,{"date":312,"score":280,"percentile":313},"2025-11-15",0.52036,{"date":315,"score":280,"percentile":316},"2025-11-16",0.52016,{"date":318,"score":280,"percentile":319},"2025-11-17",0.51998,{"date":321,"score":322,"percentile":323},"2025-11-18",0.04099,0.87461,{"date":325,"score":322,"percentile":326},"2025-11-19",0.87465,{"date":328,"score":322,"percentile":329},"2025-11-20",0.87468,{"date":331,"score":332,"percentile":333},"2025-11-21",0.00299,0.52777,{"date":335,"score":336,"percentile":337},"2025-11-22",0.00297,0.52687,{"date":339,"score":336,"percentile":340},"2025-11-23",0.52649,{"date":342,"score":336,"percentile":343},"2025-11-24",0.52641,{"date":345,"score":336,"percentile":346},"2025-11-25",0.52645,{"date":348,"score":336,"percentile":349},"2025-11-26",0.52648,{"date":351,"score":336,"percentile":352},"2025-11-27",0.52654,{"date":354,"score":336,"percentile":355},"2025-11-28",0.52627,{"date":357,"score":336,"percentile":358},"2025-11-29",0.52603,{"date":360,"score":336,"percentile":361},"2025-11-30",0.52593,{"date":363,"score":336,"percentile":364},"2025-12-01",0.52744,{"date":366,"score":336,"percentile":367},"2025-12-02",0.52762,{"date":369,"score":336,"percentile":367},"2025-12-03",{"date":371,"score":336,"percentile":372},"2025-12-04",0.52608,{"date":374,"score":280,"percentile":375},"2025-12-05",0.51936,{"date":377,"score":280,"percentile":378},"2025-12-06",0.51934,{"date":380,"score":280,"percentile":381},"2025-12-07",0.51923,{"date":383,"score":280,"percentile":384},"2025-12-08",0.51929,{"date":386,"score":280,"percentile":387},"2025-12-09",0.51949,{"date":389,"score":280,"percentile":390},"2025-12-10",0.52014,{"date":392,"score":280,"percentile":393},"2025-12-11",0.52032,{"date":395,"score":280,"percentile":396},"2025-12-12",0.52059,{"date":398,"score":280,"percentile":399},"2025-12-13",0.52051,{"date":401,"score":280,"percentile":402},"2025-12-14",0.52038,{"date":404,"score":280,"percentile":405},"2025-12-15",0.5202,{"date":407,"score":280,"percentile":408},"2025-12-16",0.52034,{"date":410,"score":280,"percentile":411},"2025-12-17",0.52053,{"date":413,"score":414,"percentile":415},"2025-12-18",0.00332,0.55627,{"date":417,"score":414,"percentile":418},"2025-12-19",0.5563,{"date":420,"score":414,"percentile":421},"2025-12-20",0.55621,{"date":423,"score":424,"percentile":425},"2025-12-21",0.00306,0.53405,{"date":427,"score":424,"percentile":428},"2025-12-22",0.53384,{"date":430,"score":424,"percentile":431},"2025-12-23",0.53387,{"date":433,"score":336,"percentile":434},"2025-12-24",0.5276,{"date":436,"score":336,"percentile":437},"2025-12-25",0.52808,{"date":439,"score":336,"percentile":440},"2025-12-26",0.528,{"date":442,"score":443,"percentile":444},"2025-12-27",0.00419,0.61382,{"date":446,"score":336,"percentile":447},"2025-12-28",0.52776,{"date":449,"score":336,"percentile":450},"2025-12-29",0.52755,{"date":452,"score":336,"percentile":453},"2025-12-30",0.5275,{"date":455,"score":336,"percentile":456},"2025-12-31",0.52767,{"date":458,"score":336,"percentile":459},"2026-01-01",0.52934,{"date":461,"score":152,"percentile":462},"2026-01-02",0.55033,{"date":464,"score":152,"percentile":465},"2026-01-03",0.55023,{"date":467,"score":152,"percentile":468},"2026-01-04",0.54856,{"date":470,"score":152,"percentile":471},"2026-01-05",0.54844,{"date":473,"score":152,"percentile":474},"2026-01-06",0.54853,{"date":476,"score":152,"percentile":477},"2026-01-07",0.54878,{"date":479,"score":152,"percentile":480},"2026-01-08",0.54899,{"date":482,"score":152,"percentile":483},"2026-01-09",0.54892,{"date":485,"score":152,"percentile":486},"2026-01-10",0.54891,{"date":488,"score":152,"percentile":489},"2026-01-11",0.54869,{"date":491,"score":152,"percentile":492},"2026-01-12",0.54824,{"date":494,"score":152,"percentile":495},"2026-01-13",0.54801,{"date":497,"score":152,"percentile":498},"2026-01-14",0.5485,{"date":500,"score":152,"percentile":501},"2026-01-15",0.54851,{"date":503,"score":152,"percentile":504},"2026-01-16",0.54875,{"date":506,"score":152,"percentile":507},"2026-01-17",0.54866,{"date":509,"score":510,"percentile":511},"2026-01-18",0.00325,0.54956,{"date":513,"score":510,"percentile":514},"2026-01-19",0.54944,{"date":516,"score":510,"percentile":517},"2026-01-20",0.54946,{"date":519,"score":510,"percentile":520},"2026-01-21",0.54949,{"date":522,"score":414,"percentile":523},"2026-01-22",0.5555,{"date":525,"score":414,"percentile":526},"2026-01-23",0.55594,{"date":528,"score":414,"percentile":529},"2026-01-24",0.55598,{"date":531,"score":414,"percentile":532},"2026-01-25",0.55558,{"date":534,"score":414,"percentile":535},"2026-01-26",0.55545,{"date":537,"score":414,"percentile":538},"2026-01-27",0.55557,{"date":540,"score":414,"percentile":541},"2026-01-28",0.5557,{"date":543,"score":414,"percentile":544},"2026-01-29",0.55572,{"date":546,"score":414,"percentile":547},"2026-01-30",0.55578,{"date":549,"score":414,"percentile":550},"2026-01-31",0.55582,{"date":552,"score":414,"percentile":553},"2026-02-01",0.55724,[555],{"source":156,"cvss_v2_0":556,"cvss_v3_0":9,"cvss_v3_1":561,"cvss_v4_0":9},{"baseScore":557,"baseSeverity":9,"vectorString":558,"impactScore":559,"exploitabilityScore":560},5,"AV:N/AC:L/Au:N/C:N/I:N/A:P",2.9,10,{"baseScore":154,"baseSeverity":562,"vectorString":157,"impactScore":563,"exploitabilityScore":560},"HIGH",6,[565,582,589,597,608,614,622,629],{"ecosystem":9,"name":566,"vendor":567,"product":568,"cpe_part":569,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":570},"ubuntu linux","canonical","ubuntu_linux","o",[571,574,576,578,580],{"version":572,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":575,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":577,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"version":579,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":581,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"20.04",{"ecosystem":9,"name":583,"vendor":584,"product":585,"cpe_part":569,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":586},"debian linux","debian","debian_linux",[587],{"version":588,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":590,"vendor":591,"product":590,"cpe_part":569,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":592},"fedora","fedoraproject",[593,595],{"version":594,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"31",{"version":596,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"32",{"ecosystem":9,"name":598,"vendor":599,"product":600,"cpe_part":601,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":602},"active iq unified manager","netapp","active_iq_unified_manager","a",[603],{"version":604,"is_range":605,"range_type":573,"version_start":606,"version_start_type":607,"version_end":9,"version_end_type":9,"fixed_in":9},"gte9.5",true,"9.5","including",{"ecosystem":9,"name":609,"vendor":599,"product":610,"cpe_part":601,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":611},"cloud volumes ontap mediator","cloud_volumes_ontap_mediator",[612],{"version":613,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":615,"vendor":616,"product":615,"cpe_part":569,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":617},"leap","opensuse",[618,620],{"version":619,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"version":621,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.2",{"ecosystem":9,"name":623,"vendor":624,"product":625,"cpe_part":601,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":626},"zfs storage appliance kit","oracle","zfs_storage_appliance_kit",[627],{"version":628,"is_range":150,"range_type":573,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.8",{"ecosystem":9,"name":630,"vendor":630,"product":630,"cpe_part":601,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":631},"python",[632,637,641,645],{"version":633,"is_range":605,"range_type":573,"version_start":634,"version_start_type":607,"version_end":635,"version_end_type":636,"fixed_in":9},"gte3.5.0_lt3.5.10","3.5.0","3.5.10","excluding",{"version":638,"is_range":605,"range_type":573,"version_start":639,"version_start_type":607,"version_end":640,"version_end_type":636,"fixed_in":9},"gte3.6.0_lt3.6.12","3.6.0","3.6.12",{"version":642,"is_range":605,"range_type":573,"version_start":643,"version_start_type":607,"version_end":644,"version_end_type":636,"fixed_in":9},"gte3.7.0_lt3.7.9","3.7.0","3.7.9",{"version":646,"is_range":605,"range_type":573,"version_start":647,"version_start_type":607,"version_end":648,"version_end_type":636,"fixed_in":9},"gte3.8.0_lt3.8.5","3.8.0","3.8.5"]