[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-15366":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":93,"aliases":94,"duplicate_of":9,"upstream":96,"downstream":97,"duplicates":116,"related":117,"reserved_at":9,"published_at":118,"modified_at":119,"state":120,"summary":121,"references_raw":130,"kevs":171,"epss":172,"epss_history":175,"metrics":435,"affected":447},"CVE-2020-15366","An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1321","Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","weakness","Incomplete","Variant",[19,67,89],{"id":20,"name":21,"techniques":22},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[23],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.010","Services File Permissions Weakness",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,57,62],{"id":44,"name":45,"tactic":46},"D3-SWI","Software Inventory",{"name":47},"Model",{"id":49,"name":50,"tactic":51},"D3-AVE","Asset Vulnerability Enumeration",{"name":47},{"id":53,"name":54,"tactic":55},"D3-SBV","Service Binary Verification",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SU","Software Update",{"name":61},"Harden",{"id":63,"name":64,"tactic":65},"D3-RS","Restore Software",{"name":66},"Restore",{"id":68,"name":69,"techniques":70},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[71],{"id":24,"name":25,"tactics":72,"countermeasures":78},[73,74,75,76,77],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[79,81,83,85,87],{"id":44,"name":45,"tactic":80},{"name":47},{"id":49,"name":50,"tactic":82},{"name":47},{"id":53,"name":54,"tactic":84},{"name":56},{"id":58,"name":59,"tactic":86},{"name":61},{"id":63,"name":64,"tactic":88},{"name":66},{"id":90,"name":91,"techniques":92},"CAPEC-77","Manipulating User-Controlled Variables",[],[],[95],"GHSA-v88g-cgmw-v5xw",[],[98,100,102,104,106,108,110,112,114],{"_key":99},"UBUNTU-CVE-2020-15366",{"_key":101},"DEBIAN-CVE-2020-15366",{"_key":103},"RHSA-2021:0781",{"_key":105},"RHSA-2020:5305",{"_key":107},"RHSA-2020:5499",{"_key":109},"RHSA-2021:0421",{"_key":111},"RHSA-2021:0521",{"_key":113},"RHSA-2021:0548",{"_key":115},"RHSA-2021:0551",[],[],"2020-07-15T19:14:07.000Z","2024-08-04T13:15:20.438Z","Modified",{"cisa_kev":122,"cisa_ransomware":122,"cisa_vendor":9,"epss_severity":123,"epss_score":124,"severity":125,"severity_score":126,"severity_version":127,"severity_source":128,"severity_vector":129,"severity_status":120},false,"low",0.00331,"medium",6.8,"v2.0","nvd","AV:N/AC:M/Au:N/C:P/I:P/A:P",[131,139,144,149,153,158,162,167],{"url":132,"sources":133,"tags":136},"https://hackerone.com/bugs?subject=user&report_id=894259",[134,128,135],"cve.org","osv_npm",[137,138],"Permissions Required","WEB",{"url":140,"sources":141,"tags":142},"https://github.com/ajv-validator/ajv/tags",[134,128,135],[143,138],"Third Party Advisory",{"url":145,"sources":146,"tags":147},"https://github.com/ajv-validator/ajv/releases/tag/v6.12.3",[134,128,135],[148,143,138],"Release Notes",{"url":150,"sources":151,"tags":152},"https://security.netapp.com/advisory/ntap-20240621-0007/",[134,128],[],{"url":154,"sources":155,"tags":156},"https://nvd.nist.gov/vuln/detail/CVE-2020-15366",[135],[157],"Advisory",{"url":159,"sources":160,"tags":161},"https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f",[135],[138],{"url":163,"sources":164,"tags":165},"https://github.com/ajv-validator/ajv",[135],[166],"PACKAGE",{"url":168,"sources":169,"tags":170},"https://security.netapp.com/advisory/ntap-20240621-0007",[135],[138],[],{"date":173,"score":124,"percentile":174},"2026-06-04",0.56298,[176,179,182,185,188,191,194,197,200,203,206,208,210,213,216,220,223,226,229,231,234,237,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,283,286,289,292,295,298,301,304,307,310,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,362,365,368,371,373,375,378,381,385,388,391,394,397,399,402,405,407,410,413,415,418,421,424,426,429,432],{"date":177,"score":124,"percentile":178},"2025-11-04",0.55483,{"date":180,"score":124,"percentile":181},"2025-11-05",0.55449,{"date":183,"score":124,"percentile":184},"2025-11-06",0.55459,{"date":186,"score":124,"percentile":187},"2025-11-07",0.55478,{"date":189,"score":124,"percentile":190},"2025-11-08",0.55482,{"date":192,"score":124,"percentile":193},"2025-11-09",0.55475,{"date":195,"score":124,"percentile":196},"2025-11-10",0.55452,{"date":198,"score":124,"percentile":199},"2025-11-11",0.55465,{"date":201,"score":124,"percentile":202},"2025-11-12",0.55491,{"date":204,"score":124,"percentile":205},"2025-11-13",0.55499,{"date":207,"score":124,"percentile":205},"2025-11-14",{"date":209,"score":124,"percentile":202},"2025-11-15",{"date":211,"score":124,"percentile":212},"2025-11-16",0.55476,{"date":214,"score":124,"percentile":215},"2025-11-17",0.55467,{"date":217,"score":218,"percentile":219},"2025-11-18",0.00615,0.67449,{"date":221,"score":218,"percentile":222},"2025-11-19",0.67454,{"date":224,"score":218,"percentile":225},"2025-11-20",0.67448,{"date":227,"score":124,"percentile":228},"2025-11-21",0.55479,{"date":230,"score":124,"percentile":193},"2025-11-22",{"date":232,"score":124,"percentile":233},"2025-11-23",0.55446,{"date":235,"score":124,"percentile":236},"2025-11-24",0.55443,{"date":238,"score":124,"percentile":233},"2025-11-25",{"date":240,"score":124,"percentile":241},"2025-11-26",0.55448,{"date":243,"score":124,"percentile":244},"2025-11-27",0.5545,{"date":246,"score":124,"percentile":247},"2025-11-28",0.55421,{"date":249,"score":124,"percentile":250},"2025-11-29",0.55407,{"date":252,"score":124,"percentile":253},"2025-11-30",0.55395,{"date":255,"score":124,"percentile":256},"2025-12-01",0.55554,{"date":258,"score":124,"percentile":259},"2025-12-02",0.55565,{"date":261,"score":124,"percentile":262},"2025-12-03",0.55558,{"date":264,"score":124,"percentile":265},"2025-12-04",0.55392,{"date":267,"score":124,"percentile":268},"2025-12-05",0.55408,{"date":270,"score":124,"percentile":271},"2025-12-06",0.55409,{"date":273,"score":124,"percentile":274},"2025-12-07",0.55399,{"date":276,"score":124,"percentile":277},"2025-12-08",0.55401,{"date":279,"score":124,"percentile":280},"2025-12-09",0.55417,{"date":282,"score":124,"percentile":193},"2025-12-10",{"date":284,"score":124,"percentile":285},"2025-12-11",0.55495,{"date":287,"score":124,"percentile":288},"2025-12-12",0.55517,{"date":290,"score":124,"percentile":291},"2025-12-13",0.5551,{"date":293,"score":124,"percentile":294},"2025-12-14",0.55507,{"date":296,"score":124,"percentile":297},"2025-12-15",0.55497,{"date":299,"score":124,"percentile":300},"2025-12-16",0.55511,{"date":302,"score":124,"percentile":303},"2025-12-17",0.55533,{"date":305,"score":124,"percentile":306},"2025-12-18",0.55571,{"date":308,"score":124,"percentile":309},"2025-12-19",0.55574,{"date":311,"score":124,"percentile":259},"2025-12-20",{"date":313,"score":124,"percentile":314},"2025-12-21",0.55544,{"date":316,"score":124,"percentile":317},"2025-12-22",0.55522,{"date":319,"score":124,"percentile":320},"2025-12-23",0.55528,{"date":322,"score":124,"percentile":323},"2025-12-24",0.55536,{"date":325,"score":124,"percentile":326},"2025-12-25",0.5558,{"date":328,"score":124,"percentile":329},"2025-12-26",0.55573,{"date":331,"score":124,"percentile":332},"2025-12-27",0.55618,{"date":334,"score":124,"percentile":335},"2025-12-28",0.55535,{"date":337,"score":124,"percentile":338},"2025-12-29",0.55519,{"date":340,"score":124,"percentile":341},"2025-12-30",0.55514,{"date":343,"score":124,"percentile":344},"2025-12-31",0.55527,{"date":346,"score":124,"percentile":347},"2026-01-01",0.55697,{"date":349,"score":124,"percentile":350},"2026-01-02",0.55677,{"date":352,"score":124,"percentile":353},"2026-01-03",0.55665,{"date":355,"score":124,"percentile":356},"2026-01-04",0.55493,{"date":358,"score":124,"percentile":359},"2026-01-05",0.55485,{"date":361,"score":124,"percentile":356},"2026-01-06",{"date":363,"score":124,"percentile":364},"2026-01-07",0.5552,{"date":366,"score":124,"percentile":367},"2026-01-08",0.55541,{"date":369,"score":124,"percentile":370},"2026-01-09",0.55537,{"date":372,"score":124,"percentile":323},"2026-01-10",{"date":374,"score":124,"percentile":300},"2026-01-11",{"date":376,"score":124,"percentile":377},"2026-01-12",0.55464,{"date":379,"score":124,"percentile":380},"2026-01-13",0.55442,{"date":382,"score":383,"percentile":384},"2026-01-14",0.00352,0.57075,{"date":386,"score":383,"percentile":387},"2026-01-15",0.5708,{"date":389,"score":383,"percentile":390},"2026-01-16",0.57108,{"date":392,"score":383,"percentile":393},"2026-01-17",0.57099,{"date":395,"score":383,"percentile":396},"2026-01-18",0.57098,{"date":398,"score":383,"percentile":387},"2026-01-19",{"date":400,"score":383,"percentile":401},"2026-01-20",0.57083,{"date":403,"score":383,"percentile":404},"2026-01-21",0.57091,{"date":406,"score":383,"percentile":404},"2026-01-22",{"date":408,"score":383,"percentile":409},"2026-01-23",0.57131,{"date":411,"score":383,"percentile":412},"2026-01-24",0.57136,{"date":414,"score":383,"percentile":396},"2026-01-25",{"date":416,"score":383,"percentile":417},"2026-01-26",0.57084,{"date":419,"score":383,"percentile":420},"2026-01-27",0.57095,{"date":422,"score":383,"percentile":423},"2026-01-28",0.57104,{"date":425,"score":383,"percentile":423},"2026-01-29",{"date":427,"score":383,"percentile":428},"2026-01-30",0.57107,{"date":430,"score":383,"percentile":431},"2026-01-31",0.57109,{"date":433,"score":383,"percentile":434},"2026-02-01",0.5725,[436,445],{"source":128,"cvss_v2_0":437,"cvss_v3_0":9,"cvss_v3_1":440,"cvss_v4_0":9},{"baseScore":126,"baseSeverity":9,"vectorString":129,"impactScore":438,"exploitabilityScore":439},6.4,8.6,{"baseScore":441,"baseSeverity":442,"vectorString":443,"impactScore":444,"exploitabilityScore":441},5.6,"MEDIUM","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",5.7,{"source":135,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":446,"cvss_v4_0":9},{"baseScore":441,"baseSeverity":9,"vectorString":443,"impactScore":444,"exploitabilityScore":441},[448,456],{"ecosystem":9,"name":449,"vendor":450,"product":449,"cpe_part":451,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"ajv","ajv.js","a",[453],{"version":454,"is_range":122,"range_type":455,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.12.2","cpe",{"ecosystem":457,"name":449,"vendor":457,"product":449,"cpe_part":9,"purl_type":458,"purl_namespace":9,"purl_name":449,"source":9,"versions":459},"Npm","npm",[460],{"version":461,"is_range":462,"range_type":463,"version_start":9,"version_start_type":9,"version_end":464,"version_end_type":465,"fixed_in":9},"lt6_12_3",true,"semver","6.12.3","excluding"]