[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-20916":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":50,"duplicate_of":9,"upstream":53,"downstream":54,"duplicates":155,"related":156,"reserved_at":9,"published_at":198,"modified_at":199,"state":200,"summary":201,"references_raw":209,"kevs":271,"epss":272,"epss_history":275,"metrics":530,"affected":545},"CVE-2019-20916","The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PYPA_PIP","Pip","github","https://github.com/pypa/pip/issues/6413","poc",0.3,false,[],[51,52],"GHSA-gpvv-69j7-gwj8","PYSEC-2020-173",[],[55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,149,151,153],{"_key":56},"SUSE-SU-2021:0344-1",{"_key":58},"SUSE-SU-2022:1454-1",{"_key":60},"OPENSUSE-SU-2021:0331-1",{"_key":62},"OPENSUSE-SU-2024:14029-1",{"_key":64},"SUSE-FU-2021:2130-1",{"_key":66},"SUSE-SU-2020:2698-1",{"_key":68},"SUSE-SU-2020:2726-1",{"_key":70},"SUSE-SU-2020:2784-1",{"_key":72},"SUSE-SU-2020:3016-1",{"_key":74},"SUSE-SU-2020:3563-1",{"_key":76},"SUSE-SU-2020:3565-1",{"_key":78},"SUSE-SU-2020:3566-1",{"_key":80},"SUSE-SU-2020:3593-1",{"_key":82},"SUSE-SU-2020:3594-1",{"_key":84},"SUSE-SU-2020:3596-1",{"_key":86},"SUSE-SU-2020:3597-1",{"_key":88},"SUSE-SU-2020:3599-1",{"_key":90},"SUSE-SU-2020:3737-1",{"_key":92},"SUSE-SU-2020:3765-1",{"_key":94},"SUSE-SU-2020:3865-1",{"_key":96},"SUSE-SU-2021:0355-1",{"_key":98},"SUSE-SU-2021:0428-1",{"_key":100},"SUSE-SU-2021:0432-1",{"_key":102},"SUSE-SU-2021:0529-1",{"_key":104},"SUSE-SU-2023:0516-2",{"_key":106},"UBUNTU-CVE-2019-20916",{"_key":108},"OPENSUSE-SU-2020:1598-1",{"_key":110},"OPENSUSE-SU-2020:1613-1",{"_key":112},"OPENSUSE-SU-2020:2143-1",{"_key":114},"OPENSUSE-SU-2020:2152-1",{"_key":116},"OPENSUSE-SU-2020:2169-1",{"_key":118},"OPENSUSE-SU-2020:2184-1",{"_key":120},"OPENSUSE-SU-2020:2185-1",{"_key":122},"OPENSUSE-SU-2020:2189-1",{"_key":124},"OPENSUSE-SU-2020:2190-1",{"_key":126},"OPENSUSE-SU-2020:2211-1",{"_key":128},"OPENSUSE-SU-2021:0270-1",{"_key":130},"OPENSUSE-SU-2024:11272-1",{"_key":132},"OPENSUSE-SU-2024:11284-1",{"_key":134},"OPENSUSE-SU-2024:11285-1",{"_key":136},"OPENSUSE-SU-2024:11551-1",{"_key":138},"DLA-2370-1",{"_key":140},"RHSA-2020:4432",{"_key":142},"RHSA-2022:5234",{"_key":144},"RHSA-2020:4273",{"_key":146},"RHSA-2020:4285",{"_key":148},"RHSA-2020:4654",{"_key":150},"MGASA-2021-0054",{"_key":152},"USN-4601-1",{"_key":154},"DEBIAN-CVE-2019-20916",[],[157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197],{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},{"_key":78},{"_key":80},{"_key":82},{"_key":84},{"_key":86},{"_key":88},{"_key":90},{"_key":92},{"_key":94},{"_key":96},{"_key":98},{"_key":100},{"_key":102},{"_key":104},{"_key":108},{"_key":110},{"_key":112},{"_key":114},{"_key":116},{"_key":118},{"_key":120},{"_key":122},{"_key":124},{"_key":126},{"_key":128},{"_key":130},{"_key":132},{"_key":134},{"_key":136},{"_key":150},"2020-09-04T19:20:55.000Z","2024-08-05T03:00:17.373Z","Modified",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":202,"epss_score":203,"severity":204,"severity_score":205,"severity_version":206,"severity_source":207,"severity_vector":208,"severity_status":200},"low",0.00622,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[210,220,225,229,236,242,246,250,254,259,263,267],{"url":45,"sources":211,"tags":214},[212,207,213],"cve.org","osv_pypi",[215,216,217,218,219],"X Refsource MISC","Exploit","Patch","WEB","REPORT",{"url":221,"sources":222,"tags":223},"https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace",[212,207,213],[215,217,218,224],"FIX",{"url":226,"sources":227,"tags":228},"https://github.com/pypa/pip/compare/19.1.1...19.2",[212,207,213],[215,217,218],{"url":230,"sources":231,"tags":232},"https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html",[212,207,213],[233,234,235,218],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":237,"sources":238,"tags":239},"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html",[212,207,213],[240,241,233,235,218],"Vendor Advisory","X Refsource SUSE",{"url":243,"sources":244,"tags":245},"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html",[212,207,213],[240,241,233,235,218],{"url":247,"sources":248,"tags":249},"https://www.oracle.com/security-alerts/cpuapr2022.html",[212,207,213],[215,217,235,218],{"url":251,"sources":252,"tags":253},"https://www.oracle.com/security-alerts/cpujul2022.html",[212,207,213],[215,217,235,218],{"url":255,"sources":256,"tags":257},"https://nvd.nist.gov/vuln/detail/CVE-2019-20916",[213],[258],"Advisory",{"url":260,"sources":261,"tags":262},"https://github.com/advisories/GHSA-gpvv-69j7-gwj8",[213],[258],{"url":264,"sources":265,"tags":266},"https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2020-173.yaml",[213],[218],{"url":268,"sources":269,"tags":270},"https://github.com/pypa/pip",[213],[218],[],{"date":273,"score":203,"percentile":274},"2026-06-04",0.70482,[276,279,282,285,288,291,294,297,299,302,305,308,311,314,317,321,324,327,330,333,336,339,341,343,346,349,352,354,357,360,363,365,367,370,372,374,377,380,383,386,389,392,394,397,400,403,406,409,412,414,416,419,422,425,428,430,433,435,437,440,443,445,448,451,454,457,460,463,466,469,472,475,478,481,484,487,490,493,495,498,500,503,506,509,512,515,518,521,524,527],{"date":277,"score":203,"percentile":278},"2025-11-04",0.69256,{"date":280,"score":203,"percentile":281},"2025-11-05",0.69242,{"date":283,"score":203,"percentile":284},"2025-11-06",0.69243,{"date":286,"score":203,"percentile":287},"2025-11-07",0.69254,{"date":289,"score":203,"percentile":290},"2025-11-08",0.69255,{"date":292,"score":203,"percentile":293},"2025-11-09",0.69245,{"date":295,"score":203,"percentile":296},"2025-11-10",0.69236,{"date":298,"score":203,"percentile":293},"2025-11-11",{"date":300,"score":203,"percentile":301},"2025-11-12",0.69269,{"date":303,"score":203,"percentile":304},"2025-11-13",0.69275,{"date":306,"score":203,"percentile":307},"2025-11-14",0.69284,{"date":309,"score":203,"percentile":310},"2025-11-15",0.6928,{"date":312,"score":203,"percentile":313},"2025-11-16",0.69276,{"date":315,"score":203,"percentile":316},"2025-11-17",0.69274,{"date":318,"score":319,"percentile":320},"2025-11-18",0.02725,0.84648,{"date":322,"score":319,"percentile":323},"2025-11-19",0.84647,{"date":325,"score":319,"percentile":326},"2025-11-20",0.84653,{"date":328,"score":203,"percentile":329},"2025-11-21",0.69297,{"date":331,"score":203,"percentile":332},"2025-11-22",0.69294,{"date":334,"score":203,"percentile":335},"2025-11-23",0.69283,{"date":337,"score":203,"percentile":338},"2025-11-24",0.69271,{"date":340,"score":203,"percentile":316},"2025-11-25",{"date":342,"score":203,"percentile":310},"2025-11-26",{"date":344,"score":203,"percentile":345},"2025-11-27",0.69282,{"date":347,"score":203,"percentile":348},"2025-11-28",0.69272,{"date":350,"score":203,"percentile":351},"2025-11-29",0.6926,{"date":353,"score":203,"percentile":278},"2025-11-30",{"date":355,"score":203,"percentile":356},"2025-12-01",0.69405,{"date":358,"score":203,"percentile":359},"2025-12-02",0.69413,{"date":361,"score":203,"percentile":362},"2025-12-03",0.69411,{"date":364,"score":203,"percentile":287},"2025-12-04",{"date":366,"score":203,"percentile":301},"2025-12-05",{"date":368,"score":203,"percentile":369},"2025-12-06",0.69273,{"date":371,"score":203,"percentile":301},"2025-12-07",{"date":373,"score":203,"percentile":369},"2025-12-08",{"date":375,"score":203,"percentile":376},"2025-12-09",0.69301,{"date":378,"score":203,"percentile":379},"2025-12-10",0.69344,{"date":381,"score":203,"percentile":382},"2025-12-11",0.69367,{"date":384,"score":203,"percentile":385},"2025-12-12",0.69393,{"date":387,"score":203,"percentile":388},"2025-12-13",0.69395,{"date":390,"score":203,"percentile":391},"2025-12-14",0.69399,{"date":393,"score":203,"percentile":388},"2025-12-15",{"date":395,"score":203,"percentile":396},"2025-12-16",0.69403,{"date":398,"score":203,"percentile":399},"2025-12-17",0.69417,{"date":401,"score":203,"percentile":402},"2025-12-18",0.69447,{"date":404,"score":203,"percentile":405},"2025-12-19",0.69464,{"date":407,"score":203,"percentile":408},"2025-12-20",0.69462,{"date":410,"score":203,"percentile":411},"2025-12-21",0.69445,{"date":413,"score":203,"percentile":402},"2025-12-22",{"date":415,"score":203,"percentile":402},"2025-12-23",{"date":417,"score":203,"percentile":418},"2025-12-24",0.69454,{"date":420,"score":203,"percentile":421},"2025-12-25",0.6948,{"date":423,"score":203,"percentile":424},"2025-12-26",0.69478,{"date":426,"score":203,"percentile":427},"2025-12-27",0.69527,{"date":429,"score":203,"percentile":418},"2025-12-28",{"date":431,"score":203,"percentile":432},"2025-12-29",0.6945,{"date":434,"score":203,"percentile":408},"2025-12-30",{"date":436,"score":203,"percentile":424},"2025-12-31",{"date":438,"score":203,"percentile":439},"2026-01-01",0.69645,{"date":441,"score":203,"percentile":442},"2026-01-02",0.69637,{"date":444,"score":203,"percentile":442},"2026-01-03",{"date":446,"score":203,"percentile":447},"2026-01-04",0.69482,{"date":449,"score":203,"percentile":450},"2026-01-05",0.69468,{"date":452,"score":203,"percentile":453},"2026-01-06",0.69477,{"date":455,"score":203,"percentile":456},"2026-01-07",0.69491,{"date":458,"score":203,"percentile":459},"2026-01-08",0.69506,{"date":461,"score":203,"percentile":462},"2026-01-09",0.69512,{"date":464,"score":203,"percentile":465},"2026-01-10",0.69511,{"date":467,"score":203,"percentile":468},"2026-01-11",0.69503,{"date":470,"score":203,"percentile":471},"2026-01-12",0.69495,{"date":473,"score":203,"percentile":474},"2026-01-13",0.69493,{"date":476,"score":203,"percentile":477},"2026-01-14",0.69524,{"date":479,"score":203,"percentile":480},"2026-01-15",0.69529,{"date":482,"score":203,"percentile":483},"2026-01-16",0.69545,{"date":485,"score":203,"percentile":486},"2026-01-17",0.69538,{"date":488,"score":203,"percentile":489},"2026-01-18",0.69525,{"date":491,"score":203,"percentile":492},"2026-01-19",0.69517,{"date":494,"score":203,"percentile":489},"2026-01-20",{"date":496,"score":203,"percentile":497},"2026-01-21",0.69534,{"date":499,"score":203,"percentile":483},"2026-01-22",{"date":501,"score":203,"percentile":502},"2026-01-23",0.69575,{"date":504,"score":203,"percentile":505},"2026-01-24",0.69581,{"date":507,"score":203,"percentile":508},"2026-01-25",0.69552,{"date":510,"score":203,"percentile":511},"2026-01-26",0.69547,{"date":513,"score":203,"percentile":514},"2026-01-27",0.6955,{"date":516,"score":203,"percentile":517},"2026-01-28",0.69562,{"date":519,"score":203,"percentile":520},"2026-01-29",0.69559,{"date":522,"score":203,"percentile":523},"2026-01-30",0.69567,{"date":525,"score":203,"percentile":526},"2026-01-31",0.69572,{"date":528,"score":203,"percentile":529},"2026-02-01",0.69714,[531,540],{"source":207,"cvss_v2_0":532,"cvss_v3_0":9,"cvss_v3_1":537,"cvss_v4_0":9},{"baseScore":533,"baseSeverity":9,"vectorString":534,"impactScore":535,"exploitabilityScore":536},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":205,"baseSeverity":538,"vectorString":208,"impactScore":539,"exploitabilityScore":536},"HIGH",6,{"source":213,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":541,"cvss_v4_0":542},{"baseScore":205,"baseSeverity":9,"vectorString":208,"impactScore":539,"exploitabilityScore":536},{"baseScore":543,"baseSeverity":9,"vectorString":544,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",[546,555,563,573,579,588],{"ecosystem":9,"name":547,"vendor":548,"product":549,"cpe_part":550,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":551},"debian linux","debian","debian_linux","o",[552],{"version":553,"is_range":48,"range_type":554,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"ecosystem":9,"name":556,"vendor":557,"product":556,"cpe_part":550,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":558},"leap","opensuse",[559,561],{"version":560,"is_range":48,"range_type":554,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"version":562,"is_range":48,"range_type":554,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.2",{"ecosystem":9,"name":564,"vendor":565,"product":566,"cpe_part":567,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":568},"communications cloud native core network function cloud native environment","oracle","communications_cloud_native_core_network_function_cloud_native_environment","a",[569,571],{"version":570,"is_range":48,"range_type":554,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.10.0",{"version":572,"is_range":48,"range_type":554,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"22.1.0",{"ecosystem":9,"name":574,"vendor":565,"product":575,"cpe_part":567,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":576},"communications cloud native core policy","communications_cloud_native_core_policy",[577],{"version":578,"is_range":48,"range_type":554,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.15.0",{"ecosystem":9,"name":580,"vendor":581,"product":580,"cpe_part":567,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":582},"pip","pypa",[583],{"version":584,"is_range":585,"range_type":554,"version_start":9,"version_start_type":9,"version_end":586,"version_end_type":587,"fixed_in":9},"lt19.2",true,"19.2","excluding",{"ecosystem":589,"name":580,"vendor":589,"product":580,"cpe_part":9,"purl_type":590,"purl_namespace":9,"purl_name":580,"source":9,"versions":591},"PyPI","pypi",[592,596],{"version":593,"is_range":585,"range_type":594,"version_start":9,"version_start_type":9,"version_end":595,"version_end_type":587,"fixed_in":9},"lta4c735b14a62f9cb864533808ac63936704f2ace","ecosystem","a4c735b14a62f9cb864533808ac63936704f2ace",{"version":597,"is_range":585,"range_type":594,"version_start":9,"version_start_type":9,"version_end":586,"version_end_type":587,"fixed_in":9},"lt19_2"]