[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-28367":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":62,"aliases":63,"duplicate_of":9,"upstream":66,"downstream":67,"duplicates":98,"related":99,"reserved_at":9,"published_at":108,"modified_at":109,"state":110,"summary":111,"references_raw":120,"kevs":150,"epss":151,"epss_history":154,"metrics":419,"affected":430},"CVE-2020-28367","Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,58],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[28,39,46],{"id":29,"name":30,"tactics":31,"countermeasures":38},"T1027.006","HTML Smuggling",[32,35],{"id":33,"name":34},"TA0030","Defense Evasion",{"id":36,"name":37},"TA0005","Stealth",[],{"id":40,"name":41,"tactics":42,"countermeasures":45},"T1027.009","Embedded Payloads",[43,44],{"id":33,"name":34},{"id":36,"name":37},[],{"id":47,"name":48,"tactics":49,"countermeasures":52},"T1564.009","Resource Forking",[50,51],{"id":33,"name":34},{"id":36,"name":37},[53],{"id":54,"name":55,"tactic":56},"D3-FFV","File Format Verification",{"name":57},"Isolate",{"id":59,"name":60,"techniques":61},"CAPEC-77","Manipulating User-Controlled Variables",[],[],[64,65],"GO-2022-0476","BIT-golang-2020-28367",[],[68,70,72,74,76,78,80,82,84,86,88,90,92,94,96],{"_key":69},"UBUNTU-CVE-2020-28367",{"_key":71},"OPENSUSE-SU-2020:2139-1",{"_key":73},"SUSE-SU-2020:3368-1",{"_key":75},"SUSE-SU-2020:3369-1",{"_key":77},"OPENSUSE-SU-2020:2047-1",{"_key":79},"OPENSUSE-SU-2020:2067-1",{"_key":81},"OPENSUSE-SU-2024:10807-1",{"_key":83},"OPENSUSE-SU-2024:10808-1",{"_key":85},"DLA-2460-1",{"_key":87},"DLA-3395-1",{"_key":89},"MGASA-2021-0018",{"_key":91},"DEBIAN-CVE-2020-28367",{"_key":93},"RHSA-2020:5333",{"_key":95},"RHSA-2020:5493",{"_key":97},"RHSA-2021:0145",[],[100,101,102,103,104,105,106,107],{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":89},"2020-11-18T00:00:00.000Z","2024-08-04T16:33:59.087Z","Modified",{"cisa_kev":112,"cisa_ransomware":112,"cisa_vendor":9,"epss_severity":113,"epss_score":114,"severity":115,"severity_score":116,"severity_version":117,"severity_source":118,"severity_vector":119,"severity_status":110},false,"low",0.00272,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",[121,128,132,137,142,146],{"url":122,"sources":123,"tags":126},"https://go.dev/cl/267277",[124,118,125],"cve.org","osv_go",[127],"FIX",{"url":129,"sources":130,"tags":131},"https://go.googlesource.com/go/+/da7aa86917811a571e6634b45a457f918b8e6561",[124,118,125],[127],{"url":133,"sources":134,"tags":135},"https://go.dev/issue/42556",[124,118,125],[136],"REPORT",{"url":138,"sources":139,"tags":140},"https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM",[124,118,125],[141],"WEB",{"url":143,"sources":144,"tags":145},"https://pkg.go.dev/vuln/GO-2022-0476",[124,118],[],{"url":147,"sources":148,"tags":149},"https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html",[124,118],[],[],{"date":152,"score":114,"percentile":153},"2026-06-04",0.50856,[155,159,162,165,168,171,174,177,180,183,186,189,192,195,198,202,205,208,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,281,283,287,290,293,296,299,302,304,307,310,313,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,377,380,383,385,387,390,393,396,399,402,405,408,411,413,416],{"date":156,"score":157,"percentile":158},"2025-11-04",0.00296,0.52504,{"date":160,"score":157,"percentile":161},"2025-11-05",0.52478,{"date":163,"score":157,"percentile":164},"2025-11-06",0.52495,{"date":166,"score":157,"percentile":167},"2025-11-07",0.52516,{"date":169,"score":157,"percentile":170},"2025-11-08",0.52517,{"date":172,"score":157,"percentile":173},"2025-11-09",0.52515,{"date":175,"score":157,"percentile":176},"2025-11-10",0.52486,{"date":178,"score":157,"percentile":179},"2025-11-11",0.525,{"date":181,"score":157,"percentile":182},"2025-11-12",0.52526,{"date":184,"score":157,"percentile":185},"2025-11-13",0.5253,{"date":187,"score":157,"percentile":188},"2025-11-14",0.52533,{"date":190,"score":157,"percentile":191},"2025-11-15",0.52527,{"date":193,"score":157,"percentile":194},"2025-11-16",0.52507,{"date":196,"score":157,"percentile":197},"2025-11-17",0.5249,{"date":199,"score":200,"percentile":201},"2025-11-18",0.01281,0.77845,{"date":203,"score":200,"percentile":204},"2025-11-19",0.77852,{"date":206,"score":200,"percentile":207},"2025-11-20",0.77858,{"date":209,"score":157,"percentile":158},"2025-11-21",{"date":211,"score":157,"percentile":212},"2025-11-22",0.52503,{"date":214,"score":157,"percentile":215},"2025-11-23",0.52466,{"date":217,"score":157,"percentile":218},"2025-11-24",0.52457,{"date":220,"score":157,"percentile":221},"2025-11-25",0.52462,{"date":223,"score":157,"percentile":224},"2025-11-26",0.52465,{"date":226,"score":157,"percentile":227},"2025-11-27",0.52471,{"date":229,"score":157,"percentile":230},"2025-11-28",0.52444,{"date":232,"score":157,"percentile":233},"2025-11-29",0.52419,{"date":235,"score":157,"percentile":236},"2025-11-30",0.52411,{"date":238,"score":157,"percentile":239},"2025-12-01",0.5256,{"date":241,"score":157,"percentile":242},"2025-12-02",0.52577,{"date":244,"score":157,"percentile":245},"2025-12-03",0.52576,{"date":247,"score":157,"percentile":248},"2025-12-04",0.52425,{"date":250,"score":157,"percentile":251},"2025-12-05",0.52445,{"date":253,"score":157,"percentile":254},"2025-12-06",0.52446,{"date":256,"score":157,"percentile":257},"2025-12-07",0.52432,{"date":259,"score":157,"percentile":260},"2025-12-08",0.5243,{"date":262,"score":157,"percentile":263},"2025-12-09",0.52447,{"date":265,"score":157,"percentile":266},"2025-12-10",0.52505,{"date":268,"score":157,"percentile":269},"2025-12-11",0.52523,{"date":271,"score":157,"percentile":272},"2025-12-12",0.5255,{"date":274,"score":157,"percentile":275},"2025-12-13",0.52545,{"date":277,"score":157,"percentile":278},"2025-12-14",0.52531,{"date":280,"score":157,"percentile":170},"2025-12-15",{"date":282,"score":157,"percentile":185},"2025-12-16",{"date":284,"score":285,"percentile":286},"2025-12-17",0.00226,0.45399,{"date":288,"score":285,"percentile":289},"2025-12-18",0.45445,{"date":291,"score":285,"percentile":292},"2025-12-19",0.45458,{"date":294,"score":285,"percentile":295},"2025-12-20",0.45431,{"date":297,"score":285,"percentile":298},"2025-12-21",0.45398,{"date":300,"score":285,"percentile":301},"2025-12-22",0.45377,{"date":303,"score":285,"percentile":301},"2025-12-23",{"date":305,"score":285,"percentile":306},"2025-12-24",0.45388,{"date":308,"score":285,"percentile":309},"2025-12-25",0.45436,{"date":311,"score":285,"percentile":312},"2025-12-26",0.45418,{"date":314,"score":285,"percentile":309},"2025-12-27",{"date":316,"score":285,"percentile":317},"2025-12-28",0.45352,{"date":319,"score":285,"percentile":320},"2025-12-29",0.45337,{"date":322,"score":285,"percentile":323},"2025-12-30",0.45332,{"date":325,"score":285,"percentile":326},"2025-12-31",0.45376,{"date":328,"score":285,"percentile":329},"2026-01-01",0.45523,{"date":331,"score":285,"percentile":332},"2026-01-02",0.455,{"date":334,"score":285,"percentile":335},"2026-01-03",0.45486,{"date":337,"score":285,"percentile":338},"2026-01-04",0.45317,{"date":340,"score":114,"percentile":341},"2026-01-05",0.50372,{"date":343,"score":114,"percentile":344},"2026-01-06",0.50379,{"date":346,"score":114,"percentile":347},"2026-01-07",0.5039,{"date":349,"score":114,"percentile":350},"2026-01-08",0.50414,{"date":352,"score":114,"percentile":353},"2026-01-09",0.50398,{"date":355,"score":114,"percentile":356},"2026-01-10",0.50395,{"date":358,"score":114,"percentile":359},"2026-01-11",0.50374,{"date":361,"score":114,"percentile":362},"2026-01-12",0.5033,{"date":364,"score":114,"percentile":365},"2026-01-13",0.50305,{"date":367,"score":114,"percentile":368},"2026-01-14",0.50353,{"date":370,"score":114,"percentile":371},"2026-01-15",0.50357,{"date":373,"score":114,"percentile":374},"2026-01-16",0.50378,{"date":376,"score":114,"percentile":371},"2026-01-17",{"date":378,"score":114,"percentile":379},"2026-01-18",0.50332,{"date":381,"score":114,"percentile":382},"2026-01-19",0.50308,{"date":384,"score":114,"percentile":382},"2026-01-20",{"date":386,"score":114,"percentile":382},"2026-01-21",{"date":388,"score":114,"percentile":389},"2026-01-22",0.50315,{"date":391,"score":114,"percentile":392},"2026-01-23",0.50365,{"date":394,"score":114,"percentile":395},"2026-01-24",0.50371,{"date":397,"score":114,"percentile":398},"2026-01-25",0.50323,{"date":400,"score":114,"percentile":401},"2026-01-26",0.50298,{"date":403,"score":114,"percentile":404},"2026-01-27",0.50302,{"date":406,"score":114,"percentile":407},"2026-01-28",0.50314,{"date":409,"score":114,"percentile":410},"2026-01-29",0.50311,{"date":412,"score":114,"percentile":407},"2026-01-30",{"date":414,"score":114,"percentile":415},"2026-01-31",0.5032,{"date":417,"score":114,"percentile":418},"2026-02-01",0.50454,[420],{"source":118,"cvss_v2_0":421,"cvss_v3_0":9,"cvss_v3_1":426,"cvss_v4_0":9},{"baseScore":422,"baseSeverity":9,"vectorString":423,"impactScore":424,"exploitabilityScore":425},5.1,"AV:N/AC:H/Au:N/C:P/I:P/A:P",6.4,4.9,{"baseScore":116,"baseSeverity":427,"vectorString":119,"impactScore":428,"exploitabilityScore":429},"HIGH",9.8,4.1,[431,446,456],{"ecosystem":9,"name":432,"vendor":433,"product":432,"cpe_part":434,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":435},"cmd/go","go toolchain","a",[436,441],{"version":437,"is_range":438,"range_type":124,"version_start":9,"version_start_type":9,"version_end":439,"version_end_type":440,"fixed_in":9},"\u003C 1.14.12",true,"1.14.12","excluding",{"version":442,"is_range":438,"range_type":124,"version_start":443,"version_start_type":444,"version_end":445,"version_end_type":440,"fixed_in":9},">= 1.15.0-0, \u003C 1.15.5","1.15.0-0","including","1.15.5",{"ecosystem":9,"name":447,"vendor":448,"product":447,"cpe_part":434,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":449},"go","golang",[450,453],{"version":451,"is_range":438,"range_type":452,"version_start":9,"version_start_type":9,"version_end":439,"version_end_type":440,"fixed_in":9},"lt1.14.12","cpe",{"version":454,"is_range":438,"range_type":452,"version_start":455,"version_start_type":444,"version_end":445,"version_end_type":440,"fixed_in":9},"gte1.15_lt1.15.5","1.15",{"ecosystem":457,"name":458,"vendor":457,"product":458,"cpe_part":9,"purl_type":448,"purl_namespace":9,"purl_name":458,"source":9,"versions":459},"Go","toolchain",[460],{"version":461,"is_range":438,"range_type":462,"version_start":443,"version_start_type":444,"version_end":445,"version_end_type":440,"fixed_in":9},"gte1_15_0_0_lt1_15_5","semver"]