[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-3860":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":67,"related":68,"reserved_at":9,"published_at":82,"modified_at":83,"state":84,"summary":85,"references_raw":94,"kevs":156,"epss":157,"epss_history":160,"metrics":422,"affected":439},"CVE-2019-3860","An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65],{"_key":28},"ALPINE-CVE-2019-3860",{"_key":30},"SUSE-SU-2019:1606-2",{"_key":32},"SUSE-SU-2019:0655-1",{"_key":34},"SUSE-SU-2019:13982-1",{"_key":36},"SUSE-SU-2019:13997-1",{"_key":38},"SUSE-SU-2019:14098-1",{"_key":40},"SUSE-SU-2019:14099-1",{"_key":42},"SUSE-SU-2019:1606-1",{"_key":44},"SUSE-SU-2020:3551-1",{"_key":46},"OPENSUSE-SU-2019:1109-1",{"_key":48},"OPENSUSE-SU-2020:2126-1",{"_key":50},"OPENSUSE-SU-2020:2129-1",{"_key":52},"OPENSUSE-SU-2024:10999-1",{"_key":54},"DLA-1730-1",{"_key":56},"DLA-1730-4",{"_key":58},"DSA-4431-1",{"_key":60},"MGASA-2019-0139",{"_key":62},"UBUNTU-CVE-2019-3860",{"_key":64},"DEBIAN-CVE-2019-3860",{"_key":66},"USN-5308-1",[],[69,70,71,72,73,74,75,76,77,78,79,80,81],{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":60},"2019-03-25T18:30:50.000Z","2024-08-04T19:19:18.589Z","Modified",{"cisa_kev":86,"cisa_ransomware":86,"cisa_vendor":9,"epss_severity":87,"epss_score":88,"severity":89,"severity_score":90,"severity_version":91,"severity_source":92,"severity_vector":93,"severity_status":84},false,"low",0.00972,"critical",9.1,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",[95,103,110,116,120,125,129,134,139,144,148,152],{"url":96,"sources":97,"tags":99},"https://www.libssh2.org/CVE-2019-3860.html",[98,92],"cve.org",[100,101,102],"X Refsource MISC","Patch","Vendor Advisory",{"url":104,"sources":105,"tags":106},"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860",[98,92],[107,108,109],"X Refsource CONFIRM","Issue Tracking","Third Party Advisory",{"url":111,"sources":112,"tags":113},"https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",[98,92],[114,115,109],"Mailing List","X Refsource MLIST",{"url":117,"sources":118,"tags":119},"https://security.netapp.com/advisory/ntap-20190327-0005/",[98,92],[107,109],{"url":121,"sources":122,"tags":123},"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",[98,92],[102,124,114,109],"X Refsource SUSE",{"url":126,"sources":127,"tags":128},"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",[98,92],[102,124,109],{"url":130,"sources":131,"tags":132},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",[98,92],[102,133],"X Refsource FEDORA",{"url":135,"sources":136,"tags":137},"https://www.debian.org/security/2019/dsa-4431",[98,92],[102,138],"X Refsource DEBIAN",{"url":140,"sources":141,"tags":142},"https://seclists.org/bugtraq/2019/Apr/25",[98,92],[114,143],"X Refsource BUGTRAQ",{"url":145,"sources":146,"tags":147},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00072.html",[98,92],[102,124],{"url":149,"sources":150,"tags":151},"https://lists.debian.org/debian-lts-announce/2019/07/msg00028.html",[98,92],[114,115],{"url":153,"sources":154,"tags":155},"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",[98,92],[100],[],{"date":158,"score":88,"percentile":159},"2026-06-04",0.76983,[161,165,168,171,173,175,178,181,184,187,190,193,196,199,202,206,209,212,216,220,223,226,229,232,235,238,241,244,247,250,253,256,259,261,264,267,270,273,276,279,282,284,287,290,293,296,299,302,305,307,310,313,316,319,322,325,328,331,334,337,340,342,345,347,350,353,357,360,362,365,368,371,373,376,379,382,385,388,391,394,396,399,401,404,407,409,412,414,416,419],{"date":162,"score":163,"percentile":164},"2025-11-04",0.00808,0.73454,{"date":166,"score":163,"percentile":167},"2025-11-05",0.73438,{"date":169,"score":163,"percentile":170},"2025-11-06",0.73436,{"date":172,"score":163,"percentile":164},"2025-11-07",{"date":174,"score":163,"percentile":164},"2025-11-08",{"date":176,"score":163,"percentile":177},"2025-11-09",0.73449,{"date":179,"score":163,"percentile":180},"2025-11-10",0.73437,{"date":182,"score":163,"percentile":183},"2025-11-11",0.73443,{"date":185,"score":163,"percentile":186},"2025-11-12",0.73462,{"date":188,"score":163,"percentile":189},"2025-11-13",0.73469,{"date":191,"score":163,"percentile":192},"2025-11-14",0.73475,{"date":194,"score":163,"percentile":195},"2025-11-15",0.73472,{"date":197,"score":163,"percentile":198},"2025-11-16",0.73467,{"date":200,"score":163,"percentile":201},"2025-11-17",0.73461,{"date":203,"score":204,"percentile":205},"2025-11-18",0.02896,0.85094,{"date":207,"score":204,"percentile":208},"2025-11-19",0.85095,{"date":210,"score":204,"percentile":211},"2025-11-20",0.85098,{"date":213,"score":214,"percentile":215},"2025-11-21",0.00695,0.71141,{"date":217,"score":218,"percentile":219},"2025-11-22",0.00831,0.73815,{"date":221,"score":218,"percentile":222},"2025-11-23",0.738,{"date":224,"score":218,"percentile":225},"2025-11-24",0.73796,{"date":227,"score":218,"percentile":228},"2025-11-25",0.73797,{"date":230,"score":218,"percentile":231},"2025-11-26",0.73803,{"date":233,"score":218,"percentile":234},"2025-11-27",0.73805,{"date":236,"score":218,"percentile":237},"2025-11-28",0.73795,{"date":239,"score":218,"percentile":240},"2025-11-29",0.73784,{"date":242,"score":218,"percentile":243},"2025-11-30",0.73779,{"date":245,"score":218,"percentile":246},"2025-12-01",0.73911,{"date":248,"score":218,"percentile":249},"2025-12-02",0.73919,{"date":251,"score":218,"percentile":252},"2025-12-03",0.73918,{"date":254,"score":218,"percentile":255},"2025-12-04",0.73787,{"date":257,"score":163,"percentile":258},"2025-12-05",0.73458,{"date":260,"score":163,"percentile":258},"2025-12-06",{"date":262,"score":163,"percentile":263},"2025-12-07",0.73459,{"date":265,"score":163,"percentile":266},"2025-12-08",0.73464,{"date":268,"score":163,"percentile":269},"2025-12-09",0.7349,{"date":271,"score":163,"percentile":272},"2025-12-10",0.73521,{"date":274,"score":163,"percentile":275},"2025-12-11",0.73538,{"date":277,"score":163,"percentile":278},"2025-12-12",0.7356,{"date":280,"score":163,"percentile":281},"2025-12-13",0.73562,{"date":283,"score":163,"percentile":281},"2025-12-14",{"date":285,"score":163,"percentile":286},"2025-12-15",0.73566,{"date":288,"score":163,"percentile":289},"2025-12-16",0.73574,{"date":291,"score":163,"percentile":292},"2025-12-17",0.73585,{"date":294,"score":163,"percentile":295},"2025-12-18",0.73608,{"date":297,"score":163,"percentile":298},"2025-12-19",0.73626,{"date":300,"score":163,"percentile":301},"2025-12-20",0.73625,{"date":303,"score":163,"percentile":304},"2025-12-21",0.7362,{"date":306,"score":163,"percentile":304},"2025-12-22",{"date":308,"score":163,"percentile":309},"2025-12-23",0.73609,{"date":311,"score":163,"percentile":312},"2025-12-24",0.73621,{"date":314,"score":163,"percentile":315},"2025-12-25",0.73647,{"date":317,"score":163,"percentile":318},"2025-12-26",0.73645,{"date":320,"score":163,"percentile":321},"2025-12-27",0.73664,{"date":323,"score":163,"percentile":324},"2025-12-28",0.73622,{"date":326,"score":163,"percentile":327},"2025-12-29",0.73616,{"date":329,"score":163,"percentile":330},"2025-12-30",0.7363,{"date":332,"score":163,"percentile":333},"2025-12-31",0.7366,{"date":335,"score":163,"percentile":336},"2026-01-01",0.73809,{"date":338,"score":163,"percentile":339},"2026-01-02",0.7381,{"date":341,"score":163,"percentile":336},"2026-01-03",{"date":343,"score":163,"percentile":344},"2026-01-04",0.73675,{"date":346,"score":163,"percentile":321},"2026-01-05",{"date":348,"score":163,"percentile":349},"2026-01-06",0.73679,{"date":351,"score":163,"percentile":352},"2026-01-07",0.73687,{"date":354,"score":355,"percentile":356},"2026-01-08",0.00813,0.73757,{"date":358,"score":355,"percentile":359},"2026-01-09",0.73763,{"date":361,"score":355,"percentile":356},"2026-01-10",{"date":363,"score":355,"percentile":364},"2026-01-11",0.73744,{"date":366,"score":355,"percentile":367},"2026-01-12",0.73734,{"date":369,"score":355,"percentile":370},"2026-01-13",0.73732,{"date":372,"score":355,"percentile":356},"2026-01-14",{"date":374,"score":355,"percentile":375},"2026-01-15",0.73768,{"date":377,"score":355,"percentile":378},"2026-01-16",0.73785,{"date":380,"score":355,"percentile":381},"2026-01-17",0.73783,{"date":383,"score":355,"percentile":384},"2026-01-18",0.7376,{"date":386,"score":355,"percentile":387},"2026-01-19",0.73747,{"date":389,"score":355,"percentile":390},"2026-01-20",0.73751,{"date":392,"score":355,"percentile":393},"2026-01-21",0.73754,{"date":395,"score":355,"percentile":384},"2026-01-22",{"date":397,"score":355,"percentile":398},"2026-01-23",0.73788,{"date":400,"score":355,"percentile":228},"2026-01-24",{"date":402,"score":355,"percentile":403},"2026-01-25",0.73782,{"date":405,"score":355,"percentile":406},"2026-01-26",0.7378,{"date":408,"score":355,"percentile":378},"2026-01-27",{"date":410,"score":355,"percentile":411},"2026-01-28",0.73799,{"date":413,"score":355,"percentile":222},"2026-01-29",{"date":415,"score":355,"percentile":234},"2026-01-30",{"date":417,"score":355,"percentile":418},"2026-01-31",0.73811,{"date":420,"score":355,"percentile":421},"2026-02-01",0.73935,[423,430],{"source":98,"cvss_v2_0":9,"cvss_v3_0":424,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":425,"baseSeverity":426,"vectorString":427,"impactScore":428,"exploitabilityScore":429},5,"MEDIUM","CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",5.7,4.1,{"source":92,"cvss_v2_0":431,"cvss_v3_0":436,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":432,"baseSeverity":9,"vectorString":433,"impactScore":434,"exploitabilityScore":435},6.4,"AV:N/AC:L/Au:N/C:P/I:N/A:P",4.9,10,{"baseScore":90,"baseSeverity":437,"vectorString":93,"impactScore":438,"exploitabilityScore":435},"CRITICAL",8.7,[440,449,459,466,474],{"ecosystem":9,"name":441,"vendor":442,"product":443,"cpe_part":444,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":445},"debian linux","debian","debian_linux","o",[446],{"version":447,"is_range":86,"range_type":448,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":450,"vendor":450,"product":450,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"libssh2","a",[453],{"version":454,"is_range":455,"range_type":448,"version_start":456,"version_start_type":457,"version_end":458,"version_end_type":457,"fixed_in":9},"gte0.3_lte1.8.0",true,"0.3","including","1.8.0",{"ecosystem":9,"name":460,"vendor":461,"product":462,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":463},"ontap select deploy administration utility","netapp","ontap_select_deploy_administration_utility",[464],{"version":465,"is_range":86,"range_type":448,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":467,"vendor":468,"product":467,"cpe_part":444,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":469},"leap","opensuse",[470,472],{"version":471,"is_range":86,"range_type":448,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"version":473,"is_range":86,"range_type":448,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.3",{"ecosystem":9,"name":450,"vendor":475,"product":450,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":476},"the libssh2 project",[477],{"version":478,"is_range":86,"range_type":98,"version_start":478,"version_start_type":457,"version_end":478,"version_end_type":457,"fixed_in":9},"1.8.1"]