[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-21707":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":26,"aliases":36,"duplicate_of":9,"upstream":37,"downstream":38,"duplicates":85,"related":86,"reserved_at":9,"published_at":102,"modified_at":103,"state":104,"summary":105,"references_raw":113,"kevs":141,"epss":142,"epss_history":145,"metrics":410,"affected":422},"CVE-2021-21707","In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.",null,[11,18],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],{"_key":19,"id":19,"name":20,"description":21,"type":22,"status":23,"abstraction":24,"likelihood_of_exploit":9,"capec":25},"CWE-159","Improper Handling of Invalid Use of Special Elements","The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity.","weakness","Draft","Class",[],[27],{"_key":28,"name":29,"source":30,"url":31,"maturity":32,"reliability_score":33,"verified":34,"type":9,"platforms":35,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_9E2607614D06F04C","Exploit Reference (bugs.php.net)","reference","https://bugs.php.net/bug.php?id=79971","unknown",0.2,false,[],[],[],[39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83],{"_key":40},"RHSA-2022:5491",{"_key":42},"RHSA-2022:7628",{"_key":44},"SUSE-SU-2021:3927-1",{"_key":46},"SUSE-SU-2021:3943-1",{"_key":48},"SUSE-SU-2022:0577-1",{"_key":50},"SUSE-SU-2022:0679-1",{"_key":52},"SUSE-SU-2022:4068-1",{"_key":54},"SUSE-SU-2022:2292-1",{"_key":56},"SUSE-SU-2022:2303-1",{"_key":58},"SUSE-SU-2022:3997-1",{"_key":60},"SUSE-SU-2022:4067-1",{"_key":62},"SUSE-SU-2022:4069-1",{"_key":64},"OPENSUSE-SU-2021:1570-1",{"_key":66},"OPENSUSE-SU-2021:3943-1",{"_key":68},"OPENSUSE-SU-2024:11638-1",{"_key":70},"OPENSUSE-SU-2024:11640-1",{"_key":72},"DLA-3243-1",{"_key":74},"DSA-5082-1",{"_key":76},"MGASA-2021-0519",{"_key":78},"UBUNTU-CVE-2021-21707",{"_key":80},"USN-5300-2",{"_key":82},"DEBIAN-CVE-2021-21707",{"_key":84},"USN-5300-1",[],[87,88,89,90,91,92,93,94,95,96,97,98,99,100,101],{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":76},"2021-11-29T06:25:08.814Z","2024-09-17T03:38:22.394Z","Modified",{"cisa_kev":34,"cisa_ransomware":34,"cisa_vendor":9,"epss_severity":106,"epss_score":107,"severity":108,"severity_score":109,"severity_version":110,"severity_source":111,"severity_vector":112,"severity_status":104},"low",0.00563,"medium",5.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",[114,123,128,132,136],{"url":31,"sources":115,"tags":117},[111,116],"nvd",[118,119,120,121,122],"Exploit","Issue Tracking","Patch","Release Notes","Vendor Advisory",{"url":124,"sources":125,"tags":126},"https://security.netapp.com/advisory/ntap-20211223-0005/",[111,116],[127],"Third Party Advisory",{"url":129,"sources":130,"tags":131},"https://www.debian.org/security/2022/dsa-5082",[111,116],[122,127],{"url":133,"sources":134,"tags":135},"https://www.tenable.com/security/tns-2022-09",[111,116],[120,121,127],{"url":137,"sources":138,"tags":139},"https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html",[111,116],[140,119],"Mailing List",[],{"date":143,"score":107,"percentile":144},"2026-06-04",0.68742,[146,150,153,156,159,162,165,168,171,174,177,180,183,186,188,192,195,198,201,204,207,210,213,216,219,222,224,227,230,233,236,238,241,243,245,247,250,253,256,259,262,265,268,272,275,278,281,283,286,288,291,294,297,300,304,307,310,313,316,319,322,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,385,388,390,392,395,398,401,404,407],{"date":147,"score":148,"percentile":149},"2025-11-04",0.00843,0.74013,{"date":151,"score":148,"percentile":152},"2025-11-05",0.73998,{"date":154,"score":148,"percentile":155},"2025-11-06",0.73995,{"date":157,"score":148,"percentile":158},"2025-11-07",0.74014,{"date":160,"score":148,"percentile":161},"2025-11-08",0.74012,{"date":163,"score":148,"percentile":164},"2025-11-09",0.74007,{"date":166,"score":148,"percentile":167},"2025-11-10",0.73992,{"date":169,"score":148,"percentile":170},"2025-11-11",0.73996,{"date":172,"score":148,"percentile":173},"2025-11-12",0.74016,{"date":175,"score":148,"percentile":176},"2025-11-13",0.74022,{"date":178,"score":148,"percentile":179},"2025-11-14",0.74027,{"date":181,"score":148,"percentile":182},"2025-11-15",0.74024,{"date":184,"score":148,"percentile":185},"2025-11-16",0.74021,{"date":187,"score":148,"percentile":161},"2025-11-17",{"date":189,"score":190,"percentile":191},"2025-11-18",0.01039,0.75515,{"date":193,"score":190,"percentile":194},"2025-11-19",0.75522,{"date":196,"score":190,"percentile":197},"2025-11-20",0.75531,{"date":199,"score":148,"percentile":200},"2025-11-21",0.74028,{"date":202,"score":148,"percentile":203},"2025-11-22",0.7402,{"date":205,"score":148,"percentile":206},"2025-11-23",0.74006,{"date":208,"score":148,"percentile":209},"2025-11-24",0.74002,{"date":211,"score":148,"percentile":212},"2025-11-25",0.74003,{"date":214,"score":148,"percentile":215},"2025-11-26",0.74008,{"date":217,"score":148,"percentile":218},"2025-11-27",0.7401,{"date":220,"score":148,"percentile":221},"2025-11-28",0.73999,{"date":223,"score":148,"percentile":170},"2025-11-29",{"date":225,"score":148,"percentile":226},"2025-11-30",0.7399,{"date":228,"score":148,"percentile":229},"2025-12-01",0.74123,{"date":231,"score":148,"percentile":232},"2025-12-02",0.7413,{"date":234,"score":148,"percentile":235},"2025-12-03",0.74129,{"date":237,"score":148,"percentile":152},"2025-12-04",{"date":239,"score":148,"percentile":240},"2025-12-05",0.74009,{"date":242,"score":148,"percentile":240},"2025-12-06",{"date":244,"score":148,"percentile":240},"2025-12-07",{"date":246,"score":148,"percentile":158},"2025-12-08",{"date":248,"score":148,"percentile":249},"2025-12-09",0.74044,{"date":251,"score":148,"percentile":252},"2025-12-10",0.74076,{"date":254,"score":148,"percentile":255},"2025-12-11",0.74091,{"date":257,"score":148,"percentile":258},"2025-12-12",0.74115,{"date":260,"score":148,"percentile":261},"2025-12-13",0.74119,{"date":263,"score":148,"percentile":264},"2025-12-14",0.74118,{"date":266,"score":148,"percentile":267},"2025-12-15",0.74122,{"date":269,"score":270,"percentile":271},"2025-12-16",0.00814,0.73649,{"date":273,"score":270,"percentile":274},"2025-12-17",0.73659,{"date":276,"score":270,"percentile":277},"2025-12-18",0.73681,{"date":279,"score":270,"percentile":280},"2025-12-19",0.73699,{"date":282,"score":270,"percentile":280},"2025-12-20",{"date":284,"score":270,"percentile":285},"2025-12-21",0.73692,{"date":287,"score":270,"percentile":285},"2025-12-22",{"date":289,"score":270,"percentile":290},"2025-12-23",0.73682,{"date":292,"score":270,"percentile":293},"2025-12-24",0.73694,{"date":295,"score":270,"percentile":296},"2025-12-25",0.73722,{"date":298,"score":270,"percentile":299},"2025-12-26",0.73719,{"date":301,"score":302,"percentile":303},"2025-12-27",0.00584,0.68411,{"date":305,"score":270,"percentile":306},"2025-12-28",0.73696,{"date":308,"score":270,"percentile":309},"2025-12-29",0.73689,{"date":311,"score":107,"percentile":312},"2025-12-30",0.6769,{"date":314,"score":107,"percentile":315},"2025-12-31",0.67708,{"date":317,"score":107,"percentile":318},"2026-01-01",0.67884,{"date":320,"score":107,"percentile":321},"2026-01-02",0.67871,{"date":323,"score":107,"percentile":324},"2026-01-03",0.67872,{"date":326,"score":107,"percentile":327},"2026-01-04",0.67706,{"date":329,"score":107,"percentile":330},"2026-01-05",0.67694,{"date":332,"score":107,"percentile":333},"2026-01-06",0.67705,{"date":335,"score":107,"percentile":336},"2026-01-07",0.67725,{"date":338,"score":107,"percentile":339},"2026-01-08",0.67739,{"date":341,"score":107,"percentile":342},"2026-01-09",0.6775,{"date":344,"score":107,"percentile":345},"2026-01-10",0.67752,{"date":347,"score":107,"percentile":348},"2026-01-11",0.67745,{"date":350,"score":107,"percentile":351},"2026-01-12",0.67732,{"date":353,"score":107,"percentile":354},"2026-01-13",0.67728,{"date":356,"score":107,"percentile":357},"2026-01-14",0.67765,{"date":359,"score":107,"percentile":360},"2026-01-15",0.6777,{"date":362,"score":107,"percentile":363},"2026-01-16",0.67786,{"date":365,"score":107,"percentile":366},"2026-01-17",0.67774,{"date":368,"score":107,"percentile":369},"2026-01-18",0.67763,{"date":371,"score":107,"percentile":372},"2026-01-19",0.67747,{"date":374,"score":107,"percentile":375},"2026-01-20",0.67757,{"date":377,"score":107,"percentile":378},"2026-01-21",0.67766,{"date":380,"score":107,"percentile":381},"2026-01-22",0.67776,{"date":383,"score":107,"percentile":384},"2026-01-23",0.67806,{"date":386,"score":107,"percentile":387},"2026-01-24",0.67817,{"date":389,"score":107,"percentile":363},"2026-01-25",{"date":391,"score":107,"percentile":381},"2026-01-26",{"date":393,"score":107,"percentile":394},"2026-01-27",0.67784,{"date":396,"score":107,"percentile":397},"2026-01-28",0.67796,{"date":399,"score":107,"percentile":400},"2026-01-29",0.67793,{"date":402,"score":107,"percentile":403},"2026-01-30",0.67801,{"date":405,"score":107,"percentile":406},"2026-01-31",0.67804,{"date":408,"score":107,"percentile":409},"2026-02-01",0.67956,[411,416],{"source":111,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":412,"cvss_v4_0":9},{"baseScore":109,"baseSeverity":413,"vectorString":112,"impactScore":414,"exploitabilityScore":415},"MEDIUM",2.3,10,{"source":116,"cvss_v2_0":417,"cvss_v3_0":9,"cvss_v3_1":421,"cvss_v4_0":9},{"baseScore":418,"baseSeverity":9,"vectorString":419,"impactScore":420,"exploitabilityScore":415},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,{"baseScore":109,"baseSeverity":413,"vectorString":112,"impactScore":414,"exploitabilityScore":415},[423,434,442,460,471],{"ecosystem":9,"name":424,"vendor":425,"product":426,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"debian linux","debian","debian_linux","o",[429,432],{"version":430,"is_range":34,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"version":433,"is_range":34,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":9,"name":435,"vendor":436,"product":437,"cpe_part":438,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":439},"clustered data ontap","netapp","clustered_data_ontap","a",[440],{"version":441,"is_range":34,"range_type":431,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":443,"vendor":9,"product":443,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":444},"PHP",[445,452,456],{"version":446,"is_range":447,"range_type":111,"version_start":448,"version_start_type":449,"version_end":450,"version_end_type":451,"fixed_in":9},">= 7.3.x, \u003C 7.3.33",true,"7.3.x","including","7.3.33","excluding",{"version":453,"is_range":447,"range_type":111,"version_start":454,"version_start_type":449,"version_end":455,"version_end_type":451,"fixed_in":9},">= 7.4.x, \u003C 7.4.26","7.4.x","7.4.26",{"version":457,"is_range":447,"range_type":111,"version_start":458,"version_start_type":449,"version_end":459,"version_end_type":451,"fixed_in":9},">= 8.0.X, \u003C 8.0.13","8.0.X","8.0.13",{"ecosystem":9,"name":443,"vendor":9,"product":443,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":461},[462,465,468],{"version":463,"is_range":447,"range_type":431,"version_start":464,"version_start_type":449,"version_end":450,"version_end_type":451,"fixed_in":9},"gte7.3.0_lt7.3.33","7.3.0",{"version":466,"is_range":447,"range_type":431,"version_start":467,"version_start_type":449,"version_end":455,"version_end_type":451,"fixed_in":9},"gte7.4.0_lt7.4.26","7.4.0",{"version":469,"is_range":447,"range_type":431,"version_start":470,"version_start_type":449,"version_end":459,"version_end_type":451,"fixed_in":9},"gte8.0.0_lt8.0.13","8.0.0",{"ecosystem":9,"name":472,"vendor":473,"product":472,"cpe_part":438,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"tenable.sc","tenable",[475],{"version":476,"is_range":447,"range_type":431,"version_start":9,"version_start_type":9,"version_end":477,"version_end_type":451,"fixed_in":9},"lt5.21.0","5.21.0"]