[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-25857":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":39,"duplicate_of":9,"upstream":41,"downstream":42,"duplicates":93,"related":94,"reserved_at":9,"published_at":105,"modified_at":106,"state":107,"summary":108,"references_raw":116,"kevs":161,"epss":162,"epss_history":165,"metrics":437,"affected":447},"CVE-2022-25857","The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-776","Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')","The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-197","Exponential Data Expansion",[],[25,34],{"_key":26,"name":27,"source":28,"url":29,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":33,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_2FD04EC61387ED4D","Exploit Reference (security.snyk.io)","reference","https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360","unknown",0.2,false,[],{"_key":35,"name":36,"source":28,"url":37,"maturity":30,"reliability_score":31,"verified":32,"type":9,"platforms":38,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_2B9B13AB69A2F801","Exploit Reference (bitbucket.org)","https://bitbucket.org/snakeyaml/snakeyaml/issues/525",[],[40],"GHSA-3mc7-4q67-w48m",[],[43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91],{"_key":44},"SUSE-SU-2022:3560-1",{"_key":46},"UBUNTU-CVE-2022-25857",{"_key":48},"SUSE-SU-2022:3397-1",{"_key":50},"DLA-3132-1",{"_key":52},"DEBIAN-CVE-2022-25857",{"_key":54},"RHSA-2022:6820",{"_key":56},"RHSA-2022:6821",{"_key":58},"RHSA-2022:6822",{"_key":60},"RHSA-2022:6823",{"_key":62},"RHSA-2023:2097",{"_key":64},"RHSA-2023:0560",{"_key":66},"RHSA-2023:0777",{"_key":68},"RHSA-2023:3198",{"_key":70},"RHSA-2024:0776",{"_key":72},"USN-5944-1",{"_key":74},"RHSA-2025:4437",{"_key":76},"RHSA-2025:4226",{"_key":78},"RHSA-2023:1043",{"_key":80},"RHSA-2023:1044",{"_key":82},"RHSA-2023:1045",{"_key":84},"RHSA-2024:0778",{"_key":86},"RHSA-2023:6172",{"_key":88},"RHSA-2023:6179",{"_key":90},"RHSA-2023:7288",{"_key":92},"RHSA-2024:0777",[],[95,96,97,99,101,103],{"_key":44},{"_key":48},{"_key":98},"CGA-8MHP-9R8C-WHW4",{"_key":100},"CGA-V8C3-WC4Q-HFMX",{"_key":102},"CGA-W753-XWWQ-8CH4",{"_key":104},"CGA-W4FF-2M4V-J788","2022-08-30T05:05:11.588Z","2024-09-16T21:57:41.551Z","Modified",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":109,"epss_score":110,"severity":111,"severity_score":112,"severity_version":113,"severity_source":114,"severity_vector":115,"severity_status":107},"low",0.0292,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[117,126,130,134,138,143,147,152,157],{"url":29,"sources":118,"tags":121},[114,119,120],"nvd","osv_maven",[122,123,124,125],"Exploit","Patch","Third Party Advisory","WEB",{"url":127,"sources":128,"tags":129},"https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174",[114,119,120],[123,124,125],{"url":131,"sources":132,"tags":133},"https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174",[114,119,120],[123,124,125],{"url":37,"sources":135,"tags":136},[114,119,120],[122,137,124,125],"Issue Tracking",{"url":139,"sources":140,"tags":141},"https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html",[114,119,120],[142,124,125],"Mailing List",{"url":144,"sources":145,"tags":146},"https://security.netapp.com/advisory/ntap-20240315-0010/",[114,119],[],{"url":148,"sources":149,"tags":150},"https://nvd.nist.gov/vuln/detail/CVE-2022-25857",[120],[151],"Advisory",{"url":153,"sources":154,"tags":155},"https://github.com/snakeyaml/snakeyaml",[120],[156],"PACKAGE",{"url":158,"sources":159,"tags":160},"https://security.netapp.com/advisory/ntap-20240315-0010",[120],[125],[],{"date":163,"score":110,"percentile":164},"2026-06-04",0.86655,[166,170,173,176,179,182,185,188,191,194,198,201,204,207,210,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,259,262,265,267,270,272,274,277,280,283,286,289,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,341,344,347,350,353,356,359,362,365,368,371,374,377,380,383,386,389,392,396,399,402,405,408,411,414,417,420,422,425,428,431,434],{"date":167,"score":168,"percentile":169},"2025-11-04",0.00319,0.54493,{"date":171,"score":168,"percentile":172},"2025-11-05",0.54457,{"date":174,"score":168,"percentile":175},"2025-11-06",0.54472,{"date":177,"score":168,"percentile":178},"2025-11-07",0.54495,{"date":180,"score":168,"percentile":181},"2025-11-08",0.54496,{"date":183,"score":168,"percentile":184},"2025-11-09",0.54492,{"date":186,"score":168,"percentile":187},"2025-11-10",0.54467,{"date":189,"score":168,"percentile":190},"2025-11-11",0.54482,{"date":192,"score":168,"percentile":193},"2025-11-12",0.54506,{"date":195,"score":196,"percentile":197},"2025-11-13",0.00347,0.56648,{"date":199,"score":196,"percentile":200},"2025-11-14",0.56647,{"date":202,"score":196,"percentile":203},"2025-11-15",0.56639,{"date":205,"score":196,"percentile":206},"2025-11-16",0.56622,{"date":208,"score":196,"percentile":209},"2025-11-17",0.56615,{"date":211,"score":212,"percentile":213},"2025-11-18",0.02384,0.83678,{"date":215,"score":212,"percentile":216},"2025-11-19",0.8368,{"date":218,"score":212,"percentile":219},"2025-11-20",0.83685,{"date":221,"score":196,"percentile":222},"2025-11-21",0.56629,{"date":224,"score":196,"percentile":225},"2025-11-22",0.56624,{"date":227,"score":196,"percentile":228},"2025-11-23",0.56598,{"date":230,"score":196,"percentile":231},"2025-11-24",0.56592,{"date":233,"score":196,"percentile":234},"2025-11-25",0.56597,{"date":236,"score":196,"percentile":237},"2025-11-26",0.56601,{"date":239,"score":196,"percentile":240},"2025-11-27",0.56602,{"date":242,"score":196,"percentile":243},"2025-11-28",0.56577,{"date":245,"score":196,"percentile":246},"2025-11-29",0.56565,{"date":248,"score":196,"percentile":249},"2025-11-30",0.56558,{"date":251,"score":196,"percentile":252},"2025-12-01",0.56712,{"date":254,"score":196,"percentile":255},"2025-12-02",0.56729,{"date":257,"score":196,"percentile":258},"2025-12-03",0.56726,{"date":260,"score":196,"percentile":261},"2025-12-04",0.5656,{"date":263,"score":196,"percentile":264},"2025-12-05",0.56576,{"date":266,"score":196,"percentile":243},"2025-12-06",{"date":268,"score":196,"percentile":269},"2025-12-07",0.56574,{"date":271,"score":196,"percentile":264},"2025-12-08",{"date":273,"score":196,"percentile":228},"2025-12-09",{"date":275,"score":196,"percentile":276},"2025-12-10",0.56654,{"date":278,"score":196,"percentile":279},"2025-12-11",0.56679,{"date":281,"score":196,"percentile":282},"2025-12-12",0.56704,{"date":284,"score":196,"percentile":285},"2025-12-13",0.56699,{"date":287,"score":196,"percentile":288},"2025-12-14",0.56697,{"date":290,"score":196,"percentile":291},"2025-12-15",0.56683,{"date":293,"score":196,"percentile":294},"2025-12-16",0.56696,{"date":296,"score":196,"percentile":297},"2025-12-17",0.56714,{"date":299,"score":196,"percentile":300},"2025-12-18",0.56756,{"date":302,"score":196,"percentile":303},"2025-12-19",0.56765,{"date":305,"score":196,"percentile":306},"2025-12-20",0.56761,{"date":308,"score":196,"percentile":309},"2025-12-21",0.5674,{"date":311,"score":196,"percentile":312},"2025-12-22",0.56721,{"date":314,"score":196,"percentile":315},"2025-12-23",0.56728,{"date":317,"score":196,"percentile":318},"2025-12-24",0.56736,{"date":320,"score":196,"percentile":321},"2025-12-25",0.5678,{"date":323,"score":196,"percentile":324},"2025-12-26",0.56776,{"date":326,"score":196,"percentile":327},"2025-12-27",0.5683,{"date":329,"score":196,"percentile":330},"2025-12-28",0.56748,{"date":332,"score":196,"percentile":333},"2025-12-29",0.56738,{"date":335,"score":196,"percentile":336},"2025-12-30",0.56735,{"date":338,"score":339,"percentile":340},"2025-12-31",0.0037,0.58256,{"date":342,"score":339,"percentile":343},"2026-01-01",0.58426,{"date":345,"score":339,"percentile":346},"2026-01-02",0.58409,{"date":348,"score":339,"percentile":349},"2026-01-03",0.58404,{"date":351,"score":339,"percentile":352},"2026-01-04",0.58226,{"date":354,"score":339,"percentile":355},"2026-01-05",0.58219,{"date":357,"score":339,"percentile":358},"2026-01-06",0.58229,{"date":360,"score":339,"percentile":361},"2026-01-07",0.58257,{"date":363,"score":339,"percentile":364},"2026-01-08",0.5828,{"date":366,"score":339,"percentile":367},"2026-01-09",0.58285,{"date":369,"score":339,"percentile":370},"2026-01-10",0.58284,{"date":372,"score":339,"percentile":373},"2026-01-11",0.58269,{"date":375,"score":339,"percentile":376},"2026-01-12",0.58242,{"date":378,"score":339,"percentile":379},"2026-01-13",0.58217,{"date":381,"score":339,"percentile":382},"2026-01-14",0.58263,{"date":384,"score":339,"percentile":385},"2026-01-15",0.58267,{"date":387,"score":339,"percentile":388},"2026-01-16",0.58292,{"date":390,"score":339,"percentile":391},"2026-01-17",0.58283,{"date":393,"score":394,"percentile":395},"2026-01-18",0.00348,0.56797,{"date":397,"score":394,"percentile":398},"2026-01-19",0.56782,{"date":400,"score":394,"percentile":401},"2026-01-20",0.56783,{"date":403,"score":394,"percentile":404},"2026-01-21",0.56788,{"date":406,"score":394,"percentile":407},"2026-01-22",0.56789,{"date":409,"score":394,"percentile":410},"2026-01-23",0.56833,{"date":412,"score":394,"percentile":413},"2026-01-24",0.56838,{"date":415,"score":394,"percentile":416},"2026-01-25",0.56801,{"date":418,"score":394,"percentile":419},"2026-01-26",0.56787,{"date":421,"score":394,"percentile":395},"2026-01-27",{"date":423,"score":394,"percentile":424},"2026-01-28",0.56809,{"date":426,"score":394,"percentile":427},"2026-01-29",0.5681,{"date":429,"score":394,"percentile":430},"2026-01-30",0.56813,{"date":432,"score":394,"percentile":433},"2026-01-31",0.56814,{"date":435,"score":394,"percentile":436},"2026-02-01",0.56952,[438,443,445],{"source":114,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":439,"cvss_v4_0":9},{"baseScore":112,"baseSeverity":440,"vectorString":115,"impactScore":441,"exploitabilityScore":442},"HIGH",6,10,{"source":119,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":444,"cvss_v4_0":9},{"baseScore":112,"baseSeverity":440,"vectorString":115,"impactScore":441,"exploitabilityScore":442},{"source":120,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":446,"cvss_v4_0":9},{"baseScore":112,"baseSeverity":9,"vectorString":115,"impactScore":441,"exploitabilityScore":442},[448,457,470],{"ecosystem":9,"name":449,"vendor":450,"product":451,"cpe_part":452,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":453},"debian linux","debian","debian_linux","o",[454],{"version":455,"is_range":32,"range_type":456,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":458,"name":459,"vendor":460,"product":461,"cpe_part":9,"purl_type":462,"purl_namespace":460,"purl_name":461,"source":9,"versions":463},"Maven","org.yaml:snakeyaml","org.yaml","snakeyaml","maven",[464],{"version":465,"is_range":466,"range_type":467,"version_start":9,"version_start_type":9,"version_end":468,"version_end_type":469,"fixed_in":9},"lt1_31",true,"ecosystem","1.31","excluding",{"ecosystem":9,"name":461,"vendor":471,"product":461,"cpe_part":472,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":473},"snakeyaml_project","a",[474],{"version":475,"is_range":466,"range_type":456,"version_start":9,"version_start_type":9,"version_end":468,"version_end_type":469,"fixed_in":9},"lt1.31"]