[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-27846":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":29,"duplicate_of":9,"upstream":33,"downstream":34,"duplicates":37,"related":38,"reserved_at":9,"published_at":39,"modified_at":40,"state":41,"summary":42,"references_raw":50,"kevs":128,"epss":129,"epss_history":132,"metrics":392,"affected":401},"CVE-2020-27846","A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-115","Misinterpretation of Input","The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.","weakness","Incomplete","Base",[],[20],{"_key":21,"name":22,"source":23,"url":24,"maturity":25,"reliability_score":26,"verified":27,"type":9,"platforms":28,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_D99FB3FFF2394DF5","Exploit Reference (mattermost.com)","reference","https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/","unknown",0.2,false,[],[30,31,32],"GHSA-4hq8-gmxx-h6w9","BIT-grafana-2020-27846","GO-2021-0058",[],[35],{"_key":36},"RHSA-2021:1859",[],[],"2020-12-21T15:16:14.000Z","2024-08-04T16:25:43.248Z","Modified",{"cisa_kev":27,"cisa_ransomware":27,"cisa_vendor":9,"epss_severity":43,"epss_score":44,"severity":45,"severity_score":46,"severity_version":47,"severity_source":48,"severity_vector":49,"severity_status":41},"low",0.07544,"high",10,"v2.0","nvd","AV:N/AC:L/Au:N/C:C/I:C/A:C",[51,62,66,70,75,80,84,89,94,99,104,108,112,116,120,124],{"url":52,"sources":53,"tags":56},"https://bugzilla.redhat.com/show_bug.cgi?id=1907670",[54,48,55],"cve.org","osv_go",[57,58,59,60,61],"X Refsource MISC","Issue Tracking","Patch","Third Party Advisory","WEB",{"url":24,"sources":63,"tags":64},[54,48],[57,65,60],"Exploit",{"url":67,"sources":68,"tags":69},"https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9",[54,48,55],[57,60,61],{"url":71,"sources":72,"tags":73},"https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/",[54,48],[57,74],"Vendor Advisory",{"url":76,"sources":77,"tags":78},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI/",[54,48],[74,79],"X Refsource FEDORA",{"url":81,"sources":82,"tags":83},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM/",[54,48],[74,79],{"url":85,"sources":86,"tags":87},"https://security.netapp.com/advisory/ntap-20210205-0002/",[54,48],[88,60],"X Refsource CONFIRM",{"url":90,"sources":91,"tags":92},"https://nvd.nist.gov/vuln/detail/CVE-2020-27846",[55],[93],"Advisory",{"url":95,"sources":96,"tags":97},"https://github.com/crewjam/saml/commit/da4f1a0612c0a8dd0452cf8b3c7a6518f6b4d053",[55],[61,98],"FIX",{"url":100,"sources":101,"tags":102},"https://github.com/crewjam/saml",[55],[103],"PACKAGE",{"url":105,"sources":106,"tags":107},"https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise",[55],[61],{"url":109,"sources":110,"tags":111},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI",[55],[61],{"url":113,"sources":114,"tags":115},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM",[55],[61],{"url":117,"sources":118,"tags":119},"https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities",[55],[61],{"url":121,"sources":122,"tags":123},"https://pkg.go.dev/vuln/GO-2021-0058",[55],[61],{"url":125,"sources":126,"tags":127},"https://security.netapp.com/advisory/ntap-20210205-0002",[55],[61],[],{"date":130,"score":44,"percentile":131},"2026-06-04",0.91966,[133,137,139,142,145,148,151,153,156,159,162,165,168,170,173,177,180,183,186,189,192,195,198,201,203,206,209,211,214,217,220,223,226,228,230,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,277,279,282,285,289,292,295,298,301,304,307,310,312,315,317,319,323,326,328,331,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,383,386,389],{"date":134,"score":135,"percentile":136},"2025-11-04",0.11085,0.93121,{"date":138,"score":135,"percentile":136},"2025-11-05",{"date":140,"score":135,"percentile":141},"2025-11-06",0.93123,{"date":143,"score":135,"percentile":144},"2025-11-07",0.93128,{"date":146,"score":135,"percentile":147},"2025-11-08",0.93127,{"date":149,"score":135,"percentile":150},"2025-11-09",0.93125,{"date":152,"score":135,"percentile":150},"2025-11-10",{"date":154,"score":135,"percentile":155},"2025-11-11",0.9313,{"date":157,"score":135,"percentile":158},"2025-11-12",0.93137,{"date":160,"score":135,"percentile":161},"2025-11-13",0.9314,{"date":163,"score":135,"percentile":164},"2025-11-14",0.93142,{"date":166,"score":135,"percentile":167},"2025-11-15",0.93135,{"date":169,"score":135,"percentile":161},"2025-11-16",{"date":171,"score":135,"percentile":172},"2025-11-17",0.93139,{"date":174,"score":175,"percentile":176},"2025-11-18",0.19115,0.94909,{"date":178,"score":175,"percentile":179},"2025-11-19",0.94911,{"date":181,"score":175,"percentile":182},"2025-11-20",0.94915,{"date":184,"score":135,"percentile":185},"2025-11-21",0.93155,{"date":187,"score":135,"percentile":188},"2025-11-22",0.93153,{"date":190,"score":135,"percentile":191},"2025-11-23",0.93157,{"date":193,"score":135,"percentile":194},"2025-11-24",0.93159,{"date":196,"score":135,"percentile":197},"2025-11-25",0.9316,{"date":199,"score":135,"percentile":200},"2025-11-26",0.93158,{"date":202,"score":135,"percentile":194},"2025-11-27",{"date":204,"score":135,"percentile":205},"2025-11-28",0.93152,{"date":207,"score":135,"percentile":208},"2025-11-29",0.93161,{"date":210,"score":135,"percentile":208},"2025-11-30",{"date":212,"score":135,"percentile":213},"2025-12-01",0.93207,{"date":215,"score":135,"percentile":216},"2025-12-02",0.93212,{"date":218,"score":135,"percentile":219},"2025-12-03",0.93214,{"date":221,"score":135,"percentile":222},"2025-12-04",0.93168,{"date":224,"score":135,"percentile":225},"2025-12-05",0.93171,{"date":227,"score":135,"percentile":225},"2025-12-06",{"date":229,"score":135,"percentile":225},"2025-12-07",{"date":231,"score":135,"percentile":232},"2025-12-08",0.93175,{"date":234,"score":135,"percentile":235},"2025-12-09",0.93178,{"date":237,"score":135,"percentile":238},"2025-12-10",0.93182,{"date":240,"score":135,"percentile":241},"2025-12-11",0.93187,{"date":243,"score":135,"percentile":244},"2025-12-12",0.93191,{"date":246,"score":135,"percentile":247},"2025-12-13",0.93196,{"date":249,"score":135,"percentile":250},"2025-12-14",0.93193,{"date":252,"score":135,"percentile":253},"2025-12-15",0.93197,{"date":255,"score":135,"percentile":256},"2025-12-16",0.93194,{"date":258,"score":135,"percentile":259},"2025-12-17",0.93201,{"date":261,"score":135,"percentile":262},"2025-12-18",0.93204,{"date":264,"score":135,"percentile":265},"2025-12-19",0.93205,{"date":267,"score":135,"percentile":268},"2025-12-20",0.93202,{"date":270,"score":135,"percentile":271},"2025-12-21",0.93203,{"date":273,"score":135,"percentile":274},"2025-12-22",0.93211,{"date":276,"score":135,"percentile":268},"2025-12-23",{"date":278,"score":135,"percentile":213},"2025-12-24",{"date":280,"score":135,"percentile":281},"2025-12-25",0.93223,{"date":283,"score":135,"percentile":284},"2025-12-26",0.93221,{"date":286,"score":287,"percentile":288},"2025-12-27",0.08618,0.92162,{"date":290,"score":135,"percentile":291},"2025-12-28",0.93218,{"date":293,"score":135,"percentile":294},"2025-12-29",0.93216,{"date":296,"score":135,"percentile":297},"2025-12-30",0.93217,{"date":299,"score":135,"percentile":300},"2025-12-31",0.93222,{"date":302,"score":135,"percentile":303},"2026-01-01",0.9326,{"date":305,"score":135,"percentile":306},"2026-01-02",0.93254,{"date":308,"score":135,"percentile":309},"2026-01-03",0.93253,{"date":311,"score":135,"percentile":216},"2026-01-04",{"date":313,"score":135,"percentile":314},"2026-01-05",0.93209,{"date":316,"score":135,"percentile":274},"2026-01-06",{"date":318,"score":135,"percentile":274},"2026-01-07",{"date":320,"score":321,"percentile":322},"2026-01-08",0.0773,0.91648,{"date":324,"score":321,"percentile":325},"2026-01-09",0.91652,{"date":327,"score":321,"percentile":325},"2026-01-10",{"date":329,"score":321,"percentile":330},"2026-01-11",0.91645,{"date":332,"score":321,"percentile":330},"2026-01-12",{"date":334,"score":321,"percentile":335},"2026-01-13",0.91644,{"date":337,"score":321,"percentile":338},"2026-01-14",0.91658,{"date":340,"score":321,"percentile":341},"2026-01-15",0.9166,{"date":343,"score":321,"percentile":344},"2026-01-16",0.91664,{"date":346,"score":321,"percentile":347},"2026-01-17",0.91668,{"date":349,"score":321,"percentile":350},"2026-01-18",0.91666,{"date":352,"score":321,"percentile":353},"2026-01-19",0.91669,{"date":355,"score":321,"percentile":356},"2026-01-20",0.91672,{"date":358,"score":321,"percentile":359},"2026-01-21",0.91676,{"date":361,"score":321,"percentile":362},"2026-01-22",0.91679,{"date":364,"score":321,"percentile":365},"2026-01-23",0.91688,{"date":367,"score":321,"percentile":368},"2026-01-24",0.91694,{"date":370,"score":321,"percentile":371},"2026-01-25",0.91693,{"date":373,"score":321,"percentile":374},"2026-01-26",0.91696,{"date":376,"score":321,"percentile":377},"2026-01-27",0.91699,{"date":379,"score":321,"percentile":380},"2026-01-28",0.91704,{"date":382,"score":321,"percentile":380},"2026-01-29",{"date":384,"score":321,"percentile":385},"2026-01-30",0.91705,{"date":387,"score":321,"percentile":388},"2026-01-31",0.91703,{"date":390,"score":321,"percentile":391},"2026-02-01",0.9175,[393,399],{"source":48,"cvss_v2_0":394,"cvss_v3_0":9,"cvss_v3_1":395,"cvss_v4_0":9},{"baseScore":46,"baseSeverity":9,"vectorString":49,"impactScore":46,"exploitabilityScore":46},{"baseScore":396,"baseSeverity":397,"vectorString":398,"impactScore":396,"exploitabilityScore":46},9.8,"CRITICAL","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",{"source":55,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":400,"cvss_v4_0":9},{"baseScore":396,"baseSeverity":9,"vectorString":398,"impactScore":396,"exploitabilityScore":46},[402,412,425,441,448,456,462],{"ecosystem":9,"name":403,"vendor":404,"product":403,"cpe_part":405,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":406},"fedora","fedoraproject","o",[407,410],{"version":408,"is_range":27,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"32","cpe",{"version":411,"is_range":27,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33",{"ecosystem":413,"name":414,"vendor":415,"product":416,"cpe_part":9,"purl_type":417,"purl_namespace":415,"purl_name":416,"source":9,"versions":418},"Go","github.com/crewjam/saml","github.com/crewjam","saml","golang",[419],{"version":420,"is_range":421,"range_type":422,"version_start":9,"version_start_type":9,"version_end":423,"version_end_type":424,"fixed_in":9},"lt0_4_3",true,"semver","0.4.3","excluding",{"ecosystem":9,"name":426,"vendor":426,"product":426,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"grafana","a",[429,432,437],{"version":430,"is_range":421,"range_type":409,"version_start":9,"version_start_type":9,"version_end":431,"version_end_type":424,"fixed_in":9},"lt6.7.5","6.7.5",{"version":433,"is_range":421,"range_type":409,"version_start":434,"version_start_type":435,"version_end":436,"version_end_type":424,"fixed_in":9},"gte7.0.0_lt7.2.3","7.0.0","including","7.2.3",{"version":438,"is_range":421,"range_type":409,"version_start":439,"version_start_type":435,"version_end":440,"version_end_type":424,"fixed_in":9},"gte7.3.0_lt7.3.6","7.3.0","7.3.6",{"ecosystem":9,"name":442,"vendor":443,"product":444,"cpe_part":405,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":445},"enterprise linux","redhat","enterprise_linux",[446],{"version":447,"is_range":27,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":9,"name":449,"vendor":443,"product":450,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":451},"openshift container platform","openshift_container_platform",[452,454],{"version":453,"is_range":27,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.11",{"version":455,"is_range":27,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0",{"ecosystem":9,"name":457,"vendor":443,"product":458,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":459},"openshift service mesh","openshift_service_mesh",[460],{"version":461,"is_range":27,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0",{"ecosystem":9,"name":416,"vendor":463,"product":416,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":464},"saml_project",[465],{"version":466,"is_range":421,"range_type":409,"version_start":9,"version_start_type":9,"version_end":423,"version_end_type":424,"fixed_in":9},"lt0.4.3"]