[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-9021":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":33,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":68,"related":69,"reserved_at":9,"published_at":79,"modified_at":80,"state":81,"summary":82,"references_raw":90,"kevs":157,"epss":158,"epss_history":161,"metrics":402,"affected":411},"CVE-2019-9021","An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[24],{"_key":25,"name":26,"source":27,"url":28,"maturity":29,"reliability_score":30,"verified":31,"type":9,"platforms":32,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_87911F7525FD5490","Exploit Reference (bugs.php.net)","reference","https://bugs.php.net/bug.php?id=77247","unknown",0.2,false,[],[],[],[36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66],{"_key":37},"SUSE-RU-2019:0823-1",{"_key":39},"SUSE-SU-2019:0985-1",{"_key":41},"SUSE-SU-2019:14013-1",{"_key":43},"SUSE-SU-2019:1461-1",{"_key":45},"SUSE-SU-2022:4067-1",{"_key":47},"OPENSUSE-SU-2019:1572-1",{"_key":49},"OPENSUSE-SU-2019:1573-1",{"_key":51},"OPENSUSE-SU-2024:11167-1",{"_key":53},"OPENSUSE-SU-2024:11169-1",{"_key":55},"RHSA-2020:1624",{"_key":57},"DLA-1679-1",{"_key":59},"DSA-4398-1",{"_key":61},"UBUNTU-CVE-2019-9021",{"_key":63},"USN-3902-1",{"_key":65},"RHSA-2019:2519",{"_key":67},"RHSA-2019:3299",[],[70,71,72,73,74,75,76,77,78],{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},"2019-02-22T23:00:00.000Z","2024-08-04T21:31:37.497Z","Modified",{"cisa_kev":31,"cisa_ransomware":31,"cisa_vendor":9,"epss_severity":83,"epss_score":84,"severity":85,"severity_score":86,"severity_version":87,"severity_source":88,"severity_vector":89,"severity_status":81},"high",0.25106,"critical",9.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[91,99,104,108,115,121,125,130,136,140,144,148,153],{"url":92,"sources":93,"tags":95},"https://usn.ubuntu.com/3902-2/",[94,88],"cve.org",[96,97,98],"Vendor Advisory","X Refsource UBUNTU","Third Party Advisory",{"url":100,"sources":101,"tags":102},"https://www.debian.org/security/2019/dsa-4398",[94,88],[96,103,98],"X Refsource DEBIAN",{"url":105,"sources":106,"tags":107},"https://usn.ubuntu.com/3902-1/",[94,88],[96,97,98],{"url":28,"sources":109,"tags":110},[94,88],[111,112,113,114,96],"X Refsource MISC","Exploit","Issue Tracking","Patch",{"url":116,"sources":117,"tags":118},"http://www.securityfocus.com/bid/107156",[94,88],[119,120,98],"VDB Entry","X Refsource BID",{"url":122,"sources":123,"tags":124},"http://www.securityfocus.com/bid/106747",[94,88],[119,120,98],{"url":126,"sources":127,"tags":128},"https://security.netapp.com/advisory/ntap-20190321-0001/",[94,88],[129,98],"X Refsource CONFIRM",{"url":131,"sources":132,"tags":133},"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html",[94,88],[96,134,135,98],"X Refsource SUSE","Mailing List",{"url":137,"sources":138,"tags":139},"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html",[94,88],[96,134,135,98],{"url":141,"sources":142,"tags":143},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html",[94,88],[96,134],{"url":145,"sources":146,"tags":147},"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html",[94,88],[96,134],{"url":149,"sources":150,"tags":151},"https://access.redhat.com/errata/RHSA-2019:2519",[94,88],[96,152],"X Refsource REDHAT",{"url":154,"sources":155,"tags":156},"https://access.redhat.com/errata/RHSA-2019:3299",[94,88],[96,152],[],{"date":159,"score":84,"percentile":160},"2026-06-04",0.96285,[162,166,169,171,174,177,179,182,184,187,190,193,196,198,201,205,207,210,213,216,218,221,223,226,229,231,234,237,241,244,247,249,252,254,257,261,264,266,268,271,273,275,277,279,282,285,287,289,291,294,296,298,300,303,307,310,312,314,316,320,323,326,329,331,334,336,338,341,344,346,348,350,353,356,359,362,365,367,369,372,375,378,381,384,386,388,391,394,396,399],{"date":163,"score":164,"percentile":165},"2025-11-04",0.30404,0.96473,{"date":167,"score":164,"percentile":168},"2025-11-05",0.96471,{"date":170,"score":164,"percentile":165},"2025-11-06",{"date":172,"score":164,"percentile":173},"2025-11-07",0.96475,{"date":175,"score":164,"percentile":176},"2025-11-08",0.96476,{"date":178,"score":164,"percentile":173},"2025-11-09",{"date":180,"score":164,"percentile":181},"2025-11-10",0.96474,{"date":183,"score":164,"percentile":173},"2025-11-11",{"date":185,"score":164,"percentile":186},"2025-11-12",0.96478,{"date":188,"score":164,"percentile":189},"2025-11-13",0.96479,{"date":191,"score":164,"percentile":192},"2025-11-14",0.96481,{"date":194,"score":164,"percentile":195},"2025-11-15",0.9648,{"date":197,"score":164,"percentile":195},"2025-11-16",{"date":199,"score":164,"percentile":200},"2025-11-17",0.96482,{"date":202,"score":203,"percentile":204},"2025-11-18",0.36498,0.96918,{"date":206,"score":203,"percentile":204},"2025-11-19",{"date":208,"score":203,"percentile":209},"2025-11-20",0.96921,{"date":211,"score":164,"percentile":212},"2025-11-21",0.96491,{"date":214,"score":164,"percentile":215},"2025-11-22",0.9649,{"date":217,"score":164,"percentile":215},"2025-11-23",{"date":219,"score":164,"percentile":220},"2025-11-24",0.96495,{"date":222,"score":164,"percentile":220},"2025-11-25",{"date":224,"score":164,"percentile":225},"2025-11-26",0.96497,{"date":227,"score":164,"percentile":228},"2025-11-27",0.96498,{"date":230,"score":164,"percentile":225},"2025-11-28",{"date":232,"score":164,"percentile":233},"2025-11-29",0.96499,{"date":235,"score":164,"percentile":236},"2025-11-30",0.96502,{"date":238,"score":239,"percentile":240},"2025-12-01",0.12253,0.93616,{"date":242,"score":239,"percentile":243},"2025-12-02",0.9362,{"date":245,"score":239,"percentile":246},"2025-12-03",0.93622,{"date":248,"score":164,"percentile":236},"2025-12-04",{"date":250,"score":164,"percentile":251},"2025-12-05",0.96505,{"date":253,"score":164,"percentile":251},"2025-12-06",{"date":255,"score":164,"percentile":256},"2025-12-07",0.96504,{"date":258,"score":259,"percentile":260},"2025-12-08",0.30029,0.96466,{"date":262,"score":259,"percentile":263},"2025-12-09",0.96469,{"date":265,"score":259,"percentile":165},"2025-12-10",{"date":267,"score":259,"percentile":173},"2025-12-11",{"date":269,"score":259,"percentile":270},"2025-12-12",0.96477,{"date":272,"score":259,"percentile":176},"2025-12-13",{"date":274,"score":259,"percentile":176},"2025-12-14",{"date":276,"score":259,"percentile":186},"2025-12-15",{"date":278,"score":259,"percentile":200},"2025-12-16",{"date":280,"score":259,"percentile":281},"2025-12-17",0.96484,{"date":283,"score":259,"percentile":284},"2025-12-18",0.96485,{"date":286,"score":259,"percentile":281},"2025-12-19",{"date":288,"score":259,"percentile":281},"2025-12-20",{"date":290,"score":259,"percentile":281},"2025-12-21",{"date":292,"score":259,"percentile":293},"2025-12-22",0.96486,{"date":295,"score":259,"percentile":281},"2025-12-23",{"date":297,"score":259,"percentile":284},"2025-12-24",{"date":299,"score":259,"percentile":215},"2025-12-25",{"date":301,"score":259,"percentile":302},"2025-12-26",0.96489,{"date":304,"score":305,"percentile":306},"2025-12-27",0.18922,0.95129,{"date":308,"score":259,"percentile":309},"2025-12-28",0.96488,{"date":311,"score":259,"percentile":302},"2025-12-29",{"date":313,"score":259,"percentile":212},"2025-12-30",{"date":315,"score":259,"percentile":220},"2025-12-31",{"date":317,"score":318,"percentile":319},"2026-01-01",0.12053,0.93595,{"date":321,"score":318,"percentile":322},"2026-01-02",0.93591,{"date":324,"score":318,"percentile":325},"2026-01-03",0.93592,{"date":327,"score":259,"percentile":328},"2026-01-04",0.96492,{"date":330,"score":259,"percentile":328},"2026-01-05",{"date":332,"score":259,"percentile":333},"2026-01-06",0.96493,{"date":335,"score":259,"percentile":220},"2026-01-07",{"date":337,"score":259,"percentile":225},"2026-01-08",{"date":339,"score":259,"percentile":340},"2026-01-09",0.965,{"date":342,"score":259,"percentile":343},"2026-01-10",0.96501,{"date":345,"score":259,"percentile":236},"2026-01-11",{"date":347,"score":259,"percentile":236},"2026-01-12",{"date":349,"score":259,"percentile":236},"2026-01-13",{"date":351,"score":259,"percentile":352},"2026-01-14",0.96507,{"date":354,"score":259,"percentile":355},"2026-01-15",0.96509,{"date":357,"score":259,"percentile":358},"2026-01-16",0.96512,{"date":360,"score":259,"percentile":361},"2026-01-17",0.96513,{"date":363,"score":259,"percentile":364},"2026-01-18",0.96514,{"date":366,"score":259,"percentile":358},"2026-01-19",{"date":368,"score":259,"percentile":364},"2026-01-20",{"date":370,"score":259,"percentile":371},"2026-01-21",0.96515,{"date":373,"score":259,"percentile":374},"2026-01-22",0.96516,{"date":376,"score":259,"percentile":377},"2026-01-23",0.9652,{"date":379,"score":259,"percentile":380},"2026-01-24",0.96522,{"date":382,"score":259,"percentile":383},"2026-01-25",0.96523,{"date":385,"score":259,"percentile":380},"2026-01-26",{"date":387,"score":259,"percentile":380},"2026-01-27",{"date":389,"score":259,"percentile":390},"2026-01-28",0.96524,{"date":392,"score":259,"percentile":393},"2026-01-29",0.96525,{"date":395,"score":259,"percentile":390},"2026-01-30",{"date":397,"score":259,"percentile":398},"2026-01-31",0.96526,{"date":400,"score":318,"percentile":401},"2026-02-01",0.93633,[403],{"source":88,"cvss_v2_0":404,"cvss_v3_0":409,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":405,"baseSeverity":9,"vectorString":406,"impactScore":407,"exploitabilityScore":408},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,10,{"baseScore":86,"baseSeverity":410,"vectorString":89,"impactScore":86,"exploitabilityScore":408},"CRITICAL",[412,425,432,440,446],{"ecosystem":9,"name":413,"vendor":414,"product":415,"cpe_part":416,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":417},"ubuntu linux","canonical","ubuntu_linux","o",[418,421,423],{"version":419,"is_range":31,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12.04","cpe",{"version":422,"is_range":31,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"14.04",{"version":424,"is_range":31,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.04",{"ecosystem":9,"name":426,"vendor":427,"product":428,"cpe_part":416,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":429},"debian linux","debian","debian_linux",[430],{"version":431,"is_range":31,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":433,"vendor":434,"product":435,"cpe_part":436,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":437},"storage automation store","netapp","storage_automation_store","a",[438],{"version":439,"is_range":31,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":441,"vendor":442,"product":441,"cpe_part":416,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":443},"leap","opensuse",[444],{"version":445,"is_range":31,"range_type":420,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"42.3",{"ecosystem":9,"name":447,"vendor":9,"product":447,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":448},"PHP",[449,454,459,463],{"version":450,"is_range":451,"range_type":420,"version_start":9,"version_start_type":9,"version_end":452,"version_end_type":453,"fixed_in":9},"lt5.6.40",true,"5.6.40","excluding",{"version":455,"is_range":451,"range_type":420,"version_start":456,"version_start_type":457,"version_end":458,"version_end_type":453,"fixed_in":9},"gte7.0.0_lt7.1.26","7.0.0","including","7.1.26",{"version":460,"is_range":451,"range_type":420,"version_start":461,"version_start_type":457,"version_end":462,"version_end_type":453,"fixed_in":9},"gte7.2.0_lt7.2.14","7.2.0","7.2.14",{"version":464,"is_range":451,"range_type":420,"version_start":465,"version_start_type":457,"version_end":466,"version_end_type":453,"fixed_in":9},"gte7.3.0_lt7.3.1","7.3.0","7.3.1"]