[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-7677":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":32,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":46,"related":47,"reserved_at":9,"published_at":49,"modified_at":50,"state":51,"summary":52,"references_raw":60,"kevs":119,"epss":120,"epss_history":123,"metrics":393,"affected":408},"CVE-2020-7677","This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[19,28],{"_key":20,"name":21,"source":22,"url":23,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":27,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_1E96CFA676BC6B74","Exploit Reference (security.snyk.io)","reference","https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690","unknown",0.2,false,[],{"_key":29,"name":21,"source":22,"url":30,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":31,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_1DB52DD7C95F05B5","https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317",[],[33],"GHSA-29xr-v42j-r956",[],[36,38,40,42,44],{"_key":37},"UBUNTU-CVE-2020-7677",{"_key":39},"USN-6016-1",{"_key":41},"DLA-3128-1",{"_key":43},"MGASA-2025-0194",{"_key":45},"DEBIAN-CVE-2020-7677",[],[48],{"_key":43},"2022-07-25T14:08:22.131Z","2024-09-16T17:34:23.113Z","Modified",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":53,"epss_score":54,"severity":55,"severity_score":56,"severity_version":57,"severity_source":58,"severity_vector":59,"severity_status":51},"low",0.01051,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[61,70,73,78,83,88,93,97,102,106,111,115],{"url":23,"sources":62,"tags":66},[63,58,64,65],"cve.org","osv_npm","osv_maven",[67,68,69],"Exploit","Third Party Advisory","WEB",{"url":30,"sources":71,"tags":72},[63,58,64,65],[67,68,69],{"url":74,"sources":75,"tags":76},"https://github.com/thenables/thenify/blob/master/index.js%23L17",[63,58,64,65],[77,69],"Broken Link",{"url":79,"sources":80,"tags":81},"https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a",[63,58,64,65],[82,69],"Patch",{"url":84,"sources":85,"tags":86},"https://lists.debian.org/debian-lts-announce/2022/09/msg00039.html",[63,58,64,65],[87,68,69],"Mailing List",{"url":89,"sources":90,"tags":91},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/",[63,58],[92],"Vendor Advisory",{"url":94,"sources":95,"tags":96},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/",[63,58],[92],{"url":98,"sources":99,"tags":100},"https://nvd.nist.gov/vuln/detail/CVE-2020-7677",[64,65],[101],"Advisory",{"url":103,"sources":104,"tags":105},"https://github.com/thenables/thenify/issues/29",[64,65],[69],{"url":107,"sources":108,"tags":109},"https://github.com/thenables/thenify",[64,65],[110],"PACKAGE",{"url":112,"sources":113,"tags":114},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3",[64,65],[69],{"url":116,"sources":117,"tags":118},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK",[64,65],[69],[],{"date":121,"score":54,"percentile":122},"2026-06-04",0.77887,[124,128,131,134,137,140,143,146,149,152,155,158,160,163,166,170,173,176,179,181,184,187,191,194,197,200,203,206,209,212,215,218,221,224,227,230,233,236,239,242,245,247,250,253,256,259,262,265,268,271,273,276,279,282,285,288,291,293,296,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,352,355,357,360,363,366,369,372,375,378,381,384,387,390],{"date":125,"score":126,"percentile":127},"2025-11-04",0.002,0.42275,{"date":129,"score":126,"percentile":130},"2025-11-05",0.42268,{"date":132,"score":126,"percentile":133},"2025-11-06",0.42281,{"date":135,"score":126,"percentile":136},"2025-11-07",0.42305,{"date":138,"score":126,"percentile":139},"2025-11-08",0.42298,{"date":141,"score":126,"percentile":142},"2025-11-09",0.42273,{"date":144,"score":126,"percentile":145},"2025-11-10",0.42239,{"date":147,"score":126,"percentile":148},"2025-11-11",0.42257,{"date":150,"score":126,"percentile":151},"2025-11-12",0.4229,{"date":153,"score":126,"percentile":154},"2025-11-13",0.42304,{"date":156,"score":126,"percentile":157},"2025-11-14",0.42308,{"date":159,"score":126,"percentile":136},"2025-11-15",{"date":161,"score":126,"percentile":162},"2025-11-16",0.42291,{"date":164,"score":126,"percentile":165},"2025-11-17",0.42261,{"date":167,"score":168,"percentile":169},"2025-11-18",0.014,0.78776,{"date":171,"score":168,"percentile":172},"2025-11-19",0.78784,{"date":174,"score":168,"percentile":175},"2025-11-20",0.78791,{"date":177,"score":126,"percentile":178},"2025-11-21",0.42254,{"date":180,"score":126,"percentile":178},"2025-11-22",{"date":182,"score":126,"percentile":183},"2025-11-23",0.42224,{"date":185,"score":126,"percentile":186},"2025-11-24",0.42216,{"date":188,"score":189,"percentile":190},"2025-11-25",0.00213,0.43846,{"date":192,"score":189,"percentile":193},"2025-11-26",0.43845,{"date":195,"score":189,"percentile":196},"2025-11-27",0.43852,{"date":198,"score":189,"percentile":199},"2025-11-28",0.43821,{"date":201,"score":189,"percentile":202},"2025-11-29",0.43801,{"date":204,"score":189,"percentile":205},"2025-11-30",0.43781,{"date":207,"score":189,"percentile":208},"2025-12-01",0.43919,{"date":210,"score":189,"percentile":211},"2025-12-02",0.43933,{"date":213,"score":189,"percentile":214},"2025-12-03",0.4393,{"date":216,"score":189,"percentile":217},"2025-12-04",0.43786,{"date":219,"score":189,"percentile":220},"2025-12-05",0.43811,{"date":222,"score":189,"percentile":223},"2025-12-06",0.43804,{"date":225,"score":189,"percentile":226},"2025-12-07",0.43789,{"date":228,"score":189,"percentile":229},"2025-12-08",0.43793,{"date":231,"score":189,"percentile":232},"2025-12-09",0.43827,{"date":234,"score":189,"percentile":235},"2025-12-10",0.43895,{"date":237,"score":189,"percentile":238},"2025-12-11",0.43923,{"date":240,"score":189,"percentile":241},"2025-12-12",0.43951,{"date":243,"score":126,"percentile":244},"2025-12-13",0.42331,{"date":246,"score":126,"percentile":151},"2025-12-14",{"date":248,"score":126,"percentile":249},"2025-12-15",0.42276,{"date":251,"score":126,"percentile":252},"2025-12-16",0.42306,{"date":254,"score":126,"percentile":255},"2025-12-17",0.42349,{"date":257,"score":126,"percentile":258},"2025-12-18",0.42388,{"date":260,"score":126,"percentile":261},"2025-12-19",0.42403,{"date":263,"score":126,"percentile":264},"2025-12-20",0.4238,{"date":266,"score":126,"percentile":267},"2025-12-21",0.42338,{"date":269,"score":126,"percentile":270},"2025-12-22",0.42313,{"date":272,"score":126,"percentile":270},"2025-12-23",{"date":274,"score":126,"percentile":275},"2025-12-24",0.42328,{"date":277,"score":126,"percentile":278},"2025-12-25",0.42378,{"date":280,"score":126,"percentile":281},"2025-12-26",0.42358,{"date":283,"score":126,"percentile":284},"2025-12-27",0.42372,{"date":286,"score":126,"percentile":287},"2025-12-28",0.42283,{"date":289,"score":126,"percentile":290},"2025-12-29",0.42265,{"date":292,"score":126,"percentile":148},"2025-12-30",{"date":294,"score":126,"percentile":295},"2025-12-31",0.42302,{"date":297,"score":298,"percentile":299},"2026-01-01",0.00227,0.45574,{"date":301,"score":298,"percentile":302},"2026-01-02",0.45551,{"date":304,"score":298,"percentile":305},"2026-01-03",0.45537,{"date":307,"score":298,"percentile":308},"2026-01-04",0.45367,{"date":310,"score":298,"percentile":311},"2026-01-05",0.45349,{"date":313,"score":298,"percentile":314},"2026-01-06",0.45354,{"date":316,"score":298,"percentile":317},"2026-01-07",0.45372,{"date":319,"score":298,"percentile":320},"2026-01-08",0.45397,{"date":322,"score":298,"percentile":323},"2026-01-09",0.45369,{"date":325,"score":298,"percentile":326},"2026-01-10",0.45362,{"date":328,"score":298,"percentile":329},"2026-01-11",0.45342,{"date":331,"score":298,"percentile":332},"2026-01-12",0.45291,{"date":334,"score":298,"percentile":335},"2026-01-13",0.45267,{"date":337,"score":298,"percentile":338},"2026-01-14",0.45316,{"date":340,"score":298,"percentile":341},"2026-01-15",0.45311,{"date":343,"score":298,"percentile":344},"2026-01-16",0.45331,{"date":346,"score":298,"percentile":347},"2026-01-17",0.45307,{"date":349,"score":350,"percentile":351},"2026-01-18",0.00239,0.468,{"date":353,"score":350,"percentile":354},"2026-01-19",0.46773,{"date":356,"score":350,"percentile":354},"2026-01-20",{"date":358,"score":350,"percentile":359},"2026-01-21",0.46774,{"date":361,"score":350,"percentile":362},"2026-01-22",0.46775,{"date":364,"score":350,"percentile":365},"2026-01-23",0.46825,{"date":367,"score":350,"percentile":368},"2026-01-24",0.4683,{"date":370,"score":350,"percentile":371},"2026-01-25",0.46776,{"date":373,"score":350,"percentile":374},"2026-01-26",0.46744,{"date":376,"score":350,"percentile":377},"2026-01-27",0.4675,{"date":379,"score":350,"percentile":380},"2026-01-28",0.46756,{"date":382,"score":350,"percentile":383},"2026-01-29",0.46746,{"date":385,"score":350,"percentile":386},"2026-01-30",0.46755,{"date":388,"score":350,"percentile":389},"2026-01-31",0.46763,{"date":391,"score":350,"percentile":392},"2026-02-01",0.46899,[394,401,404,406],{"source":63,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":395,"cvss_v4_0":9},{"baseScore":396,"baseSeverity":397,"vectorString":398,"impactScore":399,"exploitabilityScore":400},8.6,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:U/RC:C",7.8,10,{"source":58,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":402,"cvss_v4_0":9},{"baseScore":56,"baseSeverity":403,"vectorString":59,"impactScore":56,"exploitabilityScore":400},"CRITICAL",{"source":64,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":405,"cvss_v4_0":9},{"baseScore":56,"baseSeverity":9,"vectorString":59,"impactScore":56,"exploitabilityScore":400},{"source":65,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":407,"cvss_v4_0":9},{"baseScore":56,"baseSeverity":9,"vectorString":59,"impactScore":56,"exploitabilityScore":400},[409,418,426,439,445],{"ecosystem":9,"name":410,"vendor":411,"product":412,"cpe_part":413,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":414},"debian linux","debian","debian_linux","o",[415],{"version":416,"is_range":26,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":419,"vendor":420,"product":419,"cpe_part":413,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":421},"fedora","fedoraproject",[422,424],{"version":423,"is_range":26,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"36",{"version":425,"is_range":26,"range_type":417,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"37",{"ecosystem":427,"name":428,"vendor":429,"product":430,"cpe_part":9,"purl_type":431,"purl_namespace":429,"purl_name":430,"source":9,"versions":432},"Maven","org.webjars.npm:thenify","org.webjars.npm","thenify","maven",[433],{"version":434,"is_range":435,"range_type":436,"version_start":9,"version_start_type":9,"version_end":437,"version_end_type":438,"fixed_in":9},"lt3_3_1",true,"ecosystem","3.3.1","excluding",{"ecosystem":440,"name":430,"vendor":440,"product":430,"cpe_part":9,"purl_type":441,"purl_namespace":9,"purl_name":430,"source":9,"versions":442},"Npm","npm",[443],{"version":434,"is_range":435,"range_type":444,"version_start":9,"version_start_type":9,"version_end":437,"version_end_type":438,"fixed_in":9},"semver",{"ecosystem":9,"name":430,"vendor":446,"product":430,"cpe_part":447,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":448},"thenify_project","a",[449],{"version":450,"is_range":435,"range_type":417,"version_start":9,"version_start_type":9,"version_end":437,"version_end_type":438,"fixed_in":9},"lt3.3.1"]