[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-9020":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":31,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":80,"related":81,"reserved_at":9,"published_at":91,"modified_at":92,"state":93,"summary":94,"references_raw":102,"kevs":168,"epss":169,"epss_history":172,"metrics":421,"affected":430},"CVE-2019-9020","An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.",null,[11,23],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],{"_key":24,"id":24,"name":25,"description":26,"type":15,"status":27,"abstraction":28,"likelihood_of_exploit":29,"capec":30},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","Stable","Variant","High",[],[32,41],{"_key":33,"name":34,"source":35,"url":36,"maturity":37,"reliability_score":38,"verified":39,"type":9,"platforms":40,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_ED262E4ED8B948ED","Exploit Reference (bugs.php.net)","reference","https://bugs.php.net/bug.php?id=77249","unknown",0.2,false,[],{"_key":42,"name":34,"source":35,"url":43,"maturity":37,"reliability_score":38,"verified":39,"type":9,"platforms":44,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_3BFF9F177FF103A2","https://bugs.php.net/bug.php?id=77242",[],[],[],[48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78],{"_key":49},"SUSE-RU-2019:0823-1",{"_key":51},"SUSE-SU-2019:0985-1",{"_key":53},"SUSE-SU-2019:14013-1",{"_key":55},"SUSE-SU-2019:1461-1",{"_key":57},"SUSE-SU-2022:4067-1",{"_key":59},"OPENSUSE-SU-2019:1572-1",{"_key":61},"OPENSUSE-SU-2019:1573-1",{"_key":63},"OPENSUSE-SU-2024:11167-1",{"_key":65},"OPENSUSE-SU-2024:11169-1",{"_key":67},"RHSA-2020:1624",{"_key":69},"DLA-1679-1",{"_key":71},"DSA-4398-1",{"_key":73},"UBUNTU-CVE-2019-9020",{"_key":75},"USN-3902-1",{"_key":77},"RHSA-2019:2519",{"_key":79},"RHSA-2019:3299",[],[82,83,84,85,86,87,88,89,90],{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},"2019-02-22T23:00:00.000Z","2024-08-04T21:31:37.504Z","Modified",{"cisa_kev":39,"cisa_ransomware":39,"cisa_vendor":9,"epss_severity":95,"epss_score":96,"severity":97,"severity_score":98,"severity_version":99,"severity_source":100,"severity_vector":101,"severity_status":93},"low",0.02394,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[103,111,117,122,126,132,136,141,146,151,155,159,164],{"url":36,"sources":104,"tags":106},[105,100],"cve.org",[107,108,109,110],"X Refsource MISC","Exploit","Issue Tracking","Vendor Advisory",{"url":112,"sources":113,"tags":114},"https://usn.ubuntu.com/3902-2/",[105,100],[110,115,116],"X Refsource UBUNTU","Third Party Advisory",{"url":118,"sources":119,"tags":120},"https://www.debian.org/security/2019/dsa-4398",[105,100],[110,121,116],"X Refsource DEBIAN",{"url":123,"sources":124,"tags":125},"https://usn.ubuntu.com/3902-1/",[105,100],[110,115,116],{"url":127,"sources":128,"tags":129},"http://www.securityfocus.com/bid/107156",[105,100],[130,131,116],"VDB Entry","X Refsource BID",{"url":43,"sources":133,"tags":134},[105,100],[107,108,109,135,110],"Patch",{"url":137,"sources":138,"tags":139},"https://security.netapp.com/advisory/ntap-20190321-0001/",[105,100],[140,116],"X Refsource CONFIRM",{"url":142,"sources":143,"tags":144},"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html",[105,100],[110,145,116],"X Refsource SUSE",{"url":147,"sources":148,"tags":149},"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html",[105,100],[110,145,150,116],"Mailing List",{"url":152,"sources":153,"tags":154},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html",[105,100],[110,145],{"url":156,"sources":157,"tags":158},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html",[105,100],[110,145],{"url":160,"sources":161,"tags":162},"https://access.redhat.com/errata/RHSA-2019:2519",[105,100],[110,163],"X Refsource REDHAT",{"url":165,"sources":166,"tags":167},"https://access.redhat.com/errata/RHSA-2019:3299",[105,100],[110,163],[],{"date":170,"score":96,"percentile":171},"2026-06-04",0.85324,[173,177,180,183,186,189,192,194,196,199,202,205,208,211,213,217,220,223,226,229,231,234,237,239,241,244,247,250,254,257,259,262,265,268,271,275,278,281,284,287,290,293,296,299,301,304,307,309,311,314,317,320,322,324,328,331,334,336,339,343,346,349,351,353,355,357,359,361,363,365,367,370,372,375,378,380,382,384,387,389,391,394,397,400,403,406,409,412,415,418],{"date":174,"score":175,"percentile":176},"2025-11-04",0.03159,0.86396,{"date":178,"score":175,"percentile":179},"2025-11-05",0.86399,{"date":181,"score":175,"percentile":182},"2025-11-06",0.86397,{"date":184,"score":175,"percentile":185},"2025-11-07",0.86405,{"date":187,"score":175,"percentile":188},"2025-11-08",0.86409,{"date":190,"score":175,"percentile":191},"2025-11-09",0.86403,{"date":193,"score":175,"percentile":191},"2025-11-10",{"date":195,"score":175,"percentile":188},"2025-11-11",{"date":197,"score":175,"percentile":198},"2025-11-12",0.86414,{"date":200,"score":175,"percentile":201},"2025-11-13",0.8642,{"date":203,"score":175,"percentile":204},"2025-11-14",0.86422,{"date":206,"score":175,"percentile":207},"2025-11-15",0.86416,{"date":209,"score":175,"percentile":210},"2025-11-16",0.86418,{"date":212,"score":175,"percentile":188},"2025-11-17",{"date":214,"score":215,"percentile":216},"2025-11-18",0.01785,0.81233,{"date":218,"score":215,"percentile":219},"2025-11-19",0.81234,{"date":221,"score":215,"percentile":222},"2025-11-20",0.81237,{"date":224,"score":175,"percentile":225},"2025-11-21",0.86421,{"date":227,"score":175,"percentile":228},"2025-11-22",0.86415,{"date":230,"score":175,"percentile":188},"2025-11-23",{"date":232,"score":175,"percentile":233},"2025-11-24",0.8641,{"date":235,"score":175,"percentile":236},"2025-11-25",0.86411,{"date":238,"score":175,"percentile":233},"2025-11-26",{"date":240,"score":175,"percentile":236},"2025-11-27",{"date":242,"score":175,"percentile":243},"2025-11-28",0.86393,{"date":245,"score":175,"percentile":246},"2025-11-29",0.86465,{"date":248,"score":175,"percentile":249},"2025-11-30",0.86463,{"date":251,"score":252,"percentile":253},"2025-12-01",0.04964,0.89312,{"date":255,"score":252,"percentile":256},"2025-12-02",0.89314,{"date":258,"score":252,"percentile":253},"2025-12-03",{"date":260,"score":175,"percentile":261},"2025-12-04",0.86457,{"date":263,"score":175,"percentile":264},"2025-12-05",0.8646,{"date":266,"score":175,"percentile":267},"2025-12-06",0.86456,{"date":269,"score":175,"percentile":270},"2025-12-07",0.86448,{"date":272,"score":273,"percentile":274},"2025-12-08",0.03101,0.86333,{"date":276,"score":273,"percentile":277},"2025-12-09",0.86341,{"date":279,"score":273,"percentile":280},"2025-12-10",0.86362,{"date":282,"score":273,"percentile":283},"2025-12-11",0.86369,{"date":285,"score":273,"percentile":286},"2025-12-12",0.86371,{"date":288,"score":273,"percentile":289},"2025-12-13",0.86367,{"date":291,"score":273,"percentile":292},"2025-12-14",0.86363,{"date":294,"score":273,"percentile":295},"2025-12-15",0.8636,{"date":297,"score":273,"percentile":298},"2025-12-16",0.86368,{"date":300,"score":273,"percentile":286},"2025-12-17",{"date":302,"score":273,"percentile":303},"2025-12-18",0.8638,{"date":305,"score":273,"percentile":306},"2025-12-19",0.86383,{"date":308,"score":273,"percentile":303},"2025-12-20",{"date":310,"score":273,"percentile":306},"2025-12-21",{"date":312,"score":273,"percentile":313},"2025-12-22",0.86375,{"date":315,"score":273,"percentile":316},"2025-12-23",0.86379,{"date":318,"score":273,"percentile":319},"2025-12-24",0.86385,{"date":321,"score":273,"percentile":176},"2025-12-25",{"date":323,"score":273,"percentile":179},"2025-12-26",{"date":325,"score":326,"percentile":327},"2025-12-27",0.01643,0.81555,{"date":329,"score":273,"percentile":330},"2025-12-28",0.86392,{"date":332,"score":273,"percentile":333},"2025-12-29",0.86386,{"date":335,"score":273,"percentile":243},"2025-12-30",{"date":337,"score":273,"percentile":338},"2025-12-31",0.86402,{"date":340,"score":341,"percentile":342},"2026-01-01",0.04875,0.89298,{"date":344,"score":341,"percentile":345},"2026-01-02",0.89293,{"date":347,"score":341,"percentile":348},"2026-01-03",0.89291,{"date":350,"score":273,"percentile":338},"2026-01-04",{"date":352,"score":273,"percentile":179},"2026-01-05",{"date":354,"score":273,"percentile":338},"2026-01-06",{"date":356,"score":273,"percentile":338},"2026-01-07",{"date":358,"score":273,"percentile":188},"2026-01-08",{"date":360,"score":273,"percentile":188},"2026-01-09",{"date":362,"score":273,"percentile":188},"2026-01-10",{"date":364,"score":273,"percentile":338},"2026-01-11",{"date":366,"score":273,"percentile":179},"2026-01-12",{"date":368,"score":273,"percentile":369},"2026-01-13",0.86395,{"date":371,"score":273,"percentile":188},"2026-01-14",{"date":373,"score":273,"percentile":374},"2026-01-15",0.86408,{"date":376,"score":273,"percentile":377},"2026-01-16",0.86412,{"date":379,"score":273,"percentile":198},"2026-01-17",{"date":381,"score":273,"percentile":207},"2026-01-18",{"date":383,"score":273,"percentile":188},"2026-01-19",{"date":385,"score":273,"percentile":386},"2026-01-20",0.86404,{"date":388,"score":273,"percentile":188},"2026-01-21",{"date":390,"score":273,"percentile":228},"2026-01-22",{"date":392,"score":273,"percentile":393},"2026-01-23",0.86431,{"date":395,"score":273,"percentile":396},"2026-01-24",0.86439,{"date":398,"score":273,"percentile":399},"2026-01-25",0.86434,{"date":401,"score":273,"percentile":402},"2026-01-26",0.86432,{"date":404,"score":273,"percentile":405},"2026-01-27",0.86435,{"date":407,"score":273,"percentile":408},"2026-01-28",0.86438,{"date":410,"score":273,"percentile":411},"2026-01-29",0.8644,{"date":413,"score":273,"percentile":414},"2026-01-30",0.86443,{"date":416,"score":273,"percentile":417},"2026-01-31",0.86445,{"date":419,"score":341,"percentile":420},"2026-02-01",0.89348,[422],{"source":100,"cvss_v2_0":423,"cvss_v3_0":428,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":424,"baseSeverity":9,"vectorString":425,"impactScore":426,"exploitabilityScore":427},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":98,"baseSeverity":429,"vectorString":101,"impactScore":98,"exploitabilityScore":427},"CRITICAL",[431,444,451,459,465],{"ecosystem":9,"name":432,"vendor":433,"product":434,"cpe_part":435,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":436},"ubuntu linux","canonical","ubuntu_linux","o",[437,440,442],{"version":438,"is_range":39,"range_type":439,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":441,"is_range":39,"range_type":439,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":443,"is_range":39,"range_type":439,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"ecosystem":9,"name":445,"vendor":446,"product":447,"cpe_part":435,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":448},"debian linux","debian","debian_linux",[449],{"version":450,"is_range":39,"range_type":439,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":452,"vendor":453,"product":454,"cpe_part":455,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":456},"storage automation store","netapp","storage_automation_store","a",[457],{"version":458,"is_range":39,"range_type":439,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":460,"vendor":461,"product":460,"cpe_part":435,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":462},"leap","opensuse",[463],{"version":464,"is_range":39,"range_type":439,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.3",{"ecosystem":9,"name":466,"vendor":9,"product":466,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":467},"PHP",[468,473,478,482],{"version":469,"is_range":470,"range_type":439,"version_start":9,"version_start_type":9,"version_end":471,"version_end_type":472,"fixed_in":9},"lt5.6.40",true,"5.6.40","excluding",{"version":474,"is_range":470,"range_type":439,"version_start":475,"version_start_type":476,"version_end":477,"version_end_type":472,"fixed_in":9},"gte7.0.0_lt7.1.26","7.0.0","including","7.1.26",{"version":479,"is_range":470,"range_type":439,"version_start":480,"version_start_type":476,"version_end":481,"version_end_type":472,"fixed_in":9},"gte7.2.0_lt7.2.14","7.2.0","7.2.14",{"version":483,"is_range":470,"range_type":439,"version_start":484,"version_start_type":476,"version_end":485,"version_end_type":472,"fixed_in":9},"gte7.3.0_lt7.3.1","7.3.0","7.3.1"]