[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-5477":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":78,"related":79,"reserved_at":9,"published_at":91,"modified_at":92,"state":93,"summary":94,"references_raw":103,"kevs":143,"epss":144,"epss_history":147,"metrics":407,"affected":416},"CVE-2019-5477","A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-108","Command Line Execution through SQL Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-15","Command Delimiters",[],{"id":29,"name":30,"techniques":31},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":33,"name":34,"techniques":35},"CAPEC-6","Argument Injection",[],{"id":37,"name":38,"techniques":39},"CAPEC-88","OS Command Injection",[],[],[],[],[44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76],{"_key":45},"SUSE-SU-2019:2867-1",{"_key":47},"SUSE-SU-2019:2671-1",{"_key":49},"SUSE-SU-2021:0210-1",{"_key":51},"SUSE-SU-2021:0251-1",{"_key":53},"UBUNTU-CVE-2019-5477",{"_key":55},"USN-4175-1",{"_key":57},"OPENSUSE-SU-2021:0237-1",{"_key":59},"OPENSUSE-SU-2024:11912-1",{"_key":61},"OPENSUSE-SU-2024:13165-1",{"_key":63},"OPENSUSE-SU-2024:14174-1",{"_key":65},"OPENSUSE-SU-2025:14697-1",{"_key":67},"DLA-1933-1",{"_key":69},"DLA-3149-1",{"_key":71},"DLA-3150-1",{"_key":73},"OPENSUSE-SU-2026:10356-1",{"_key":75},"MGASA-2021-0063",{"_key":77},"DEBIAN-CVE-2019-5477",[],[80,81,82,83,84,85,86,87,88,89,90],{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":73},{"_key":75},"2019-08-16T00:00:00.000Z","2024-08-04T19:54:53.581Z","Modified",{"cisa_kev":95,"cisa_ransomware":95,"cisa_vendor":9,"epss_severity":96,"epss_score":97,"severity":98,"severity_score":99,"severity_version":100,"severity_source":101,"severity_vector":102,"severity_status":93},false,"low",0.09316,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[104,110,115,121,126,131,135,139],{"url":105,"sources":106,"tags":108},"https://hackerone.com/reports/650835",[107,101],"cve.org",[109],"Permissions Required",{"url":111,"sources":112,"tags":113},"https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc",[107,101],[114],"Release Notes",{"url":116,"sources":117,"tags":118},"https://github.com/sparklemotion/nokogiri/issues/1915",[107,101],[119,120],"Patch","Third Party Advisory",{"url":122,"sources":123,"tags":124},"https://lists.debian.org/debian-lts-announce/2019/09/msg00027.html",[107,101],[125,120],"Mailing List",{"url":127,"sources":128,"tags":129},"https://usn.ubuntu.com/4175-1/",[107,101],[130,120],"Vendor Advisory",{"url":132,"sources":133,"tags":134},"https://security.gentoo.org/glsa/202006-05",[107,101],[130,120],{"url":136,"sources":137,"tags":138},"https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html",[107,101],[125,120],{"url":140,"sources":141,"tags":142},"https://lists.debian.org/debian-lts-announce/2022/10/msg00019.html",[107,101],[125,120],[],{"date":145,"score":97,"percentile":146},"2026-06-04",0.92907,[148,152,155,158,160,163,166,169,171,174,177,180,183,185,188,192,195,198,201,204,206,209,212,215,218,220,223,225,229,232,235,238,241,243,247,249,252,255,258,261,264,267,269,272,275,278,280,283,286,288,291,294,297,300,304,307,310,313,316,320,323,326,329,332,335,338,341,343,346,349,351,353,356,359,362,365,368,371,373,375,378,381,384,387,390,393,396,398,401,404],{"date":149,"score":150,"percentile":151},"2025-11-04",0.0544,0.89717,{"date":153,"score":150,"percentile":154},"2025-11-05",0.89715,{"date":156,"score":150,"percentile":157},"2025-11-06",0.89712,{"date":159,"score":150,"percentile":151},"2025-11-07",{"date":161,"score":150,"percentile":162},"2025-11-08",0.8972,{"date":164,"score":150,"percentile":165},"2025-11-09",0.89718,{"date":167,"score":150,"percentile":168},"2025-11-10",0.89716,{"date":170,"score":150,"percentile":154},"2025-11-11",{"date":172,"score":150,"percentile":173},"2025-11-12",0.89723,{"date":175,"score":150,"percentile":176},"2025-11-13",0.89726,{"date":178,"score":150,"percentile":179},"2025-11-14",0.8973,{"date":181,"score":150,"percentile":182},"2025-11-15",0.89728,{"date":184,"score":150,"percentile":179},"2025-11-16",{"date":186,"score":150,"percentile":187},"2025-11-17",0.89727,{"date":189,"score":190,"percentile":191},"2025-11-18",0.14957,0.93944,{"date":193,"score":190,"percentile":194},"2025-11-19",0.93947,{"date":196,"score":190,"percentile":197},"2025-11-20",0.93952,{"date":199,"score":150,"percentile":200},"2025-11-21",0.89738,{"date":202,"score":150,"percentile":203},"2025-11-22",0.89741,{"date":205,"score":150,"percentile":200},"2025-11-23",{"date":207,"score":150,"percentile":208},"2025-11-24",0.89742,{"date":210,"score":150,"percentile":211},"2025-11-25",0.89747,{"date":213,"score":150,"percentile":214},"2025-11-26",0.89749,{"date":216,"score":150,"percentile":217},"2025-11-27",0.8975,{"date":219,"score":150,"percentile":208},"2025-11-28",{"date":221,"score":150,"percentile":222},"2025-11-29",0.89803,{"date":224,"score":150,"percentile":222},"2025-11-30",{"date":226,"score":227,"percentile":228},"2025-12-01",0.0542,0.89834,{"date":230,"score":227,"percentile":231},"2025-12-02",0.89836,{"date":233,"score":227,"percentile":234},"2025-12-03",0.89837,{"date":236,"score":150,"percentile":237},"2025-12-04",0.89807,{"date":239,"score":150,"percentile":240},"2025-12-05",0.89808,{"date":242,"score":150,"percentile":237},"2025-12-06",{"date":244,"score":245,"percentile":246},"2025-12-07",0.05874,0.90207,{"date":248,"score":245,"percentile":246},"2025-12-08",{"date":250,"score":245,"percentile":251},"2025-12-09",0.90211,{"date":253,"score":245,"percentile":254},"2025-12-10",0.9022,{"date":256,"score":245,"percentile":257},"2025-12-11",0.90224,{"date":259,"score":245,"percentile":260},"2025-12-12",0.90228,{"date":262,"score":245,"percentile":263},"2025-12-13",0.90229,{"date":265,"score":245,"percentile":266},"2025-12-14",0.90227,{"date":268,"score":245,"percentile":266},"2025-12-15",{"date":270,"score":245,"percentile":271},"2025-12-16",0.90223,{"date":273,"score":245,"percentile":274},"2025-12-17",0.90231,{"date":276,"score":245,"percentile":277},"2025-12-18",0.90239,{"date":279,"score":245,"percentile":277},"2025-12-19",{"date":281,"score":245,"percentile":282},"2025-12-20",0.90237,{"date":284,"score":245,"percentile":285},"2025-12-21",0.90248,{"date":287,"score":245,"percentile":285},"2025-12-22",{"date":289,"score":245,"percentile":290},"2025-12-23",0.90252,{"date":292,"score":245,"percentile":293},"2025-12-24",0.90258,{"date":295,"score":245,"percentile":296},"2025-12-25",0.9027,{"date":298,"score":245,"percentile":299},"2025-12-26",0.90269,{"date":301,"score":302,"percentile":303},"2025-12-27",0.05901,0.90344,{"date":305,"score":245,"percentile":306},"2025-12-28",0.90264,{"date":308,"score":245,"percentile":309},"2025-12-29",0.90259,{"date":311,"score":245,"percentile":312},"2025-12-30",0.90266,{"date":314,"score":245,"percentile":315},"2025-12-31",0.90274,{"date":317,"score":318,"percentile":319},"2026-01-01",0.05852,0.90324,{"date":321,"score":318,"percentile":322},"2026-01-02",0.90319,{"date":324,"score":318,"percentile":325},"2026-01-03",0.90318,{"date":327,"score":245,"percentile":328},"2026-01-04",0.90276,{"date":330,"score":245,"percentile":331},"2026-01-05",0.90272,{"date":333,"score":245,"percentile":334},"2026-01-06",0.90275,{"date":336,"score":245,"percentile":337},"2026-01-07",0.90278,{"date":339,"score":245,"percentile":340},"2026-01-08",0.90282,{"date":342,"score":245,"percentile":340},"2026-01-09",{"date":344,"score":245,"percentile":345},"2026-01-10",0.90285,{"date":347,"score":245,"percentile":348},"2026-01-11",0.90277,{"date":350,"score":245,"percentile":348},"2026-01-12",{"date":352,"score":245,"percentile":315},"2026-01-13",{"date":354,"score":245,"percentile":355},"2026-01-14",0.90289,{"date":357,"score":245,"percentile":358},"2026-01-15",0.90292,{"date":360,"score":245,"percentile":361},"2026-01-16",0.90296,{"date":363,"score":245,"percentile":364},"2026-01-17",0.90293,{"date":366,"score":245,"percentile":367},"2026-01-18",0.90295,{"date":369,"score":245,"percentile":370},"2026-01-19",0.90294,{"date":372,"score":245,"percentile":358},"2026-01-20",{"date":374,"score":245,"percentile":367},"2026-01-21",{"date":376,"score":245,"percentile":377},"2026-01-22",0.90297,{"date":379,"score":245,"percentile":380},"2026-01-23",0.90305,{"date":382,"score":245,"percentile":383},"2026-01-24",0.90311,{"date":385,"score":245,"percentile":386},"2026-01-25",0.90313,{"date":388,"score":245,"percentile":389},"2026-01-26",0.90314,{"date":391,"score":245,"percentile":392},"2026-01-27",0.90317,{"date":394,"score":245,"percentile":395},"2026-01-28",0.90323,{"date":397,"score":245,"percentile":395},"2026-01-29",{"date":399,"score":245,"percentile":400},"2026-01-30",0.90322,{"date":402,"score":245,"percentile":403},"2026-01-31",0.9033,{"date":405,"score":318,"percentile":406},"2026-02-01",0.90372,[408],{"source":101,"cvss_v2_0":409,"cvss_v3_0":9,"cvss_v3_1":414,"cvss_v4_0":9},{"baseScore":410,"baseSeverity":9,"vectorString":411,"impactScore":412,"exploitabilityScore":413},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":99,"baseSeverity":415,"vectorString":102,"impactScore":99,"exploitabilityScore":413},"CRITICAL",[417,432,441],{"ecosystem":9,"name":418,"vendor":419,"product":420,"cpe_part":421,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":422},"ubuntu linux","canonical","ubuntu_linux","o",[423,426,428,430],{"version":424,"is_range":95,"range_type":425,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04","cpe",{"version":427,"is_range":95,"range_type":425,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"18.04",{"version":429,"is_range":95,"range_type":425,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.04",{"version":431,"is_range":95,"range_type":425,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"19.10",{"ecosystem":9,"name":433,"vendor":434,"product":435,"cpe_part":421,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":436},"debian linux","debian","debian_linux",[437,439],{"version":438,"is_range":95,"range_type":425,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":440,"is_range":95,"range_type":425,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":442,"vendor":442,"product":442,"cpe_part":443,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":444},"nokogiri","a",[445],{"version":446,"is_range":447,"range_type":425,"version_start":9,"version_start_type":9,"version_end":448,"version_end_type":449,"fixed_in":9},"lte1.10.3",true,"1.10.3","including"]