[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-28131":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":75,"related":76,"reserved_at":9,"published_at":83,"modified_at":84,"state":85,"summary":86,"references_raw":95,"kevs":121,"epss":122,"epss_history":125,"metrics":390,"affected":396},"CVE-2022-28131","Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-674","Uncontrolled Recursion","The product does not properly control the amount of recursion that takes place,  consuming excessive resources, such as allocated memory or the program stack.","weakness","Draft","Class",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-230","Serialized Data with Nested Payloads",[],{"id":24,"name":25,"techniques":26},"CAPEC-231","Oversized Serialized Data Payloads",[],[],[29,30],"GO-2022-0521","BIT-golang-2022-28131",[],[33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73],{"_key":34},"SUSE-SU-2022:2672-1",{"_key":36},"OPENSUSE-SU-2024:12190-1",{"_key":38},"UBUNTU-CVE-2022-28131",{"_key":40},"SUSE-SU-2022:2671-1",{"_key":42},"SUSE-SU-2023:2312-1",{"_key":44},"OPENSUSE-SU-2024:12189-1",{"_key":46},"MGASA-2022-0262",{"_key":48},"USN-6038-1",{"_key":50},"DEBIAN-CVE-2022-28131",{"_key":52},"USN-6038-2",{"_key":54},"RHSA-2022:5775",{"_key":56},"RHSA-2022:5799",{"_key":58},"RHSA-2022:5866",{"_key":60},"RHSA-2022:6042",{"_key":62},"RHSA-2022:6113",{"_key":64},"RHSA-2022:7519",{"_key":66},"RHSA-2022:7529",{"_key":68},"RHSA-2022:8057",{"_key":70},"RHSA-2023:0407",{"_key":72},"RHSA-2023:2758",{"_key":74},"RHSA-2023:2802",[],[77,78,79,80,81,82],{"_key":34},{"_key":36},{"_key":40},{"_key":42},{"_key":44},{"_key":46},"2022-08-09T00:00:00.000Z","2024-08-03T05:48:36.830Z","Modified",{"cisa_kev":87,"cisa_ransomware":87,"cisa_vendor":9,"epss_severity":88,"epss_score":89,"severity":90,"severity_score":91,"severity_version":92,"severity_source":93,"severity_vector":94,"severity_status":85},false,"low",0.00026,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[96,103,107,112,117],{"url":97,"sources":98,"tags":101},"https://go.dev/cl/417062",[99,93,100],"cve.org","osv_go",[102],"FIX",{"url":104,"sources":105,"tags":106},"https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3",[99,93,100],[102],{"url":108,"sources":109,"tags":110},"https://go.dev/issue/53614",[99,93,100],[111],"REPORT",{"url":113,"sources":114,"tags":115},"https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",[99,93,100],[116],"WEB",{"url":118,"sources":119,"tags":120},"https://pkg.go.dev/vuln/GO-2022-0521",[99,93],[],[],{"date":123,"score":89,"percentile":124},"2026-06-04",0.07933,[126,130,133,136,139,142,145,148,151,154,157,160,163,166,169,173,176,179,182,185,188,191,194,197,199,201,204,207,210,213,216,219,222,224,227,230,233,237,240,243,246,249,252,255,258,260,262,265,268,271,273,276,279,282,285,288,291,294,297,300,303,306,309,312,314,317,320,323,326,329,332,334,337,340,343,346,349,352,355,358,361,364,367,369,372,375,378,381,384,387],{"date":127,"score":128,"percentile":129},"2025-11-04",0.00013,0.01386,{"date":131,"score":128,"percentile":132},"2025-11-05",0.0141,{"date":134,"score":128,"percentile":135},"2025-11-06",0.01428,{"date":137,"score":128,"percentile":138},"2025-11-07",0.01433,{"date":140,"score":128,"percentile":141},"2025-11-08",0.01437,{"date":143,"score":128,"percentile":144},"2025-11-09",0.01435,{"date":146,"score":128,"percentile":147},"2025-11-10",0.01418,{"date":149,"score":128,"percentile":150},"2025-11-11",0.01429,{"date":152,"score":128,"percentile":153},"2025-11-12",0.01434,{"date":155,"score":128,"percentile":156},"2025-11-13",0.01446,{"date":158,"score":128,"percentile":159},"2025-11-14",0.01453,{"date":161,"score":128,"percentile":162},"2025-11-15",0.01474,{"date":164,"score":128,"percentile":165},"2025-11-16",0.01473,{"date":167,"score":128,"percentile":168},"2025-11-17",0.01463,{"date":170,"score":171,"percentile":172},"2025-11-18",0.00613,0.67372,{"date":174,"score":171,"percentile":175},"2025-11-19",0.67378,{"date":177,"score":171,"percentile":178},"2025-11-20",0.67371,{"date":180,"score":128,"percentile":181},"2025-11-21",0.01526,{"date":183,"score":128,"percentile":184},"2025-11-22",0.01527,{"date":186,"score":128,"percentile":187},"2025-11-23",0.01514,{"date":189,"score":128,"percentile":190},"2025-11-24",0.01509,{"date":192,"score":128,"percentile":193},"2025-11-25",0.01495,{"date":195,"score":128,"percentile":196},"2025-11-26",0.01439,{"date":198,"score":128,"percentile":196},"2025-11-27",{"date":200,"score":128,"percentile":196},"2025-11-28",{"date":202,"score":128,"percentile":203},"2025-11-29",0.01565,{"date":205,"score":128,"percentile":206},"2025-11-30",0.01575,{"date":208,"score":128,"percentile":209},"2025-12-01",0.01602,{"date":211,"score":128,"percentile":212},"2025-12-02",0.01596,{"date":214,"score":128,"percentile":215},"2025-12-03",0.01599,{"date":217,"score":128,"percentile":218},"2025-12-04",0.01569,{"date":220,"score":128,"percentile":221},"2025-12-05",0.01581,{"date":223,"score":128,"percentile":221},"2025-12-06",{"date":225,"score":128,"percentile":226},"2025-12-07",0.01578,{"date":228,"score":128,"percentile":229},"2025-12-08",0.01577,{"date":231,"score":128,"percentile":232},"2025-12-09",0.01594,{"date":234,"score":235,"percentile":236},"2025-12-10",0.00014,0.01915,{"date":238,"score":235,"percentile":239},"2025-12-11",0.01907,{"date":241,"score":235,"percentile":242},"2025-12-12",0.01913,{"date":244,"score":235,"percentile":245},"2025-12-13",0.01896,{"date":247,"score":235,"percentile":248},"2025-12-14",0.01898,{"date":250,"score":235,"percentile":251},"2025-12-15",0.01889,{"date":253,"score":235,"percentile":254},"2025-12-16",0.01884,{"date":256,"score":235,"percentile":257},"2025-12-17",0.019,{"date":259,"score":235,"percentile":248},"2025-12-18",{"date":261,"score":235,"percentile":248},"2025-12-19",{"date":263,"score":235,"percentile":264},"2025-12-20",0.01755,{"date":266,"score":235,"percentile":267},"2025-12-21",0.01763,{"date":269,"score":235,"percentile":270},"2025-12-22",0.01766,{"date":272,"score":235,"percentile":270},"2025-12-23",{"date":274,"score":235,"percentile":275},"2025-12-24",0.01772,{"date":277,"score":235,"percentile":278},"2025-12-25",0.01779,{"date":280,"score":235,"percentile":281},"2025-12-26",0.01782,{"date":283,"score":235,"percentile":284},"2025-12-27",0.01776,{"date":286,"score":128,"percentile":287},"2025-12-28",0.01532,{"date":289,"score":128,"percentile":290},"2025-12-29",0.01524,{"date":292,"score":128,"percentile":293},"2025-12-30",0.01518,{"date":295,"score":128,"percentile":296},"2025-12-31",0.01515,{"date":298,"score":128,"percentile":299},"2026-01-01",0.01538,{"date":301,"score":128,"percentile":302},"2026-01-02",0.01542,{"date":304,"score":128,"percentile":305},"2026-01-03",0.01545,{"date":307,"score":128,"percentile":308},"2026-01-04",0.01513,{"date":310,"score":128,"percentile":311},"2026-01-05",0.0152,{"date":313,"score":128,"percentile":187},"2026-01-06",{"date":315,"score":128,"percentile":316},"2026-01-07",0.01522,{"date":318,"score":128,"percentile":319},"2026-01-08",0.01536,{"date":321,"score":128,"percentile":322},"2026-01-09",0.01551,{"date":324,"score":128,"percentile":325},"2026-01-10",0.0156,{"date":327,"score":128,"percentile":328},"2026-01-11",0.01558,{"date":330,"score":128,"percentile":331},"2026-01-12",0.0154,{"date":333,"score":128,"percentile":319},"2026-01-13",{"date":335,"score":128,"percentile":336},"2026-01-14",0.01541,{"date":338,"score":128,"percentile":339},"2026-01-15",0.0155,{"date":341,"score":235,"percentile":342},"2026-01-16",0.02124,{"date":344,"score":235,"percentile":345},"2026-01-17",0.02128,{"date":347,"score":235,"percentile":348},"2026-01-18",0.02136,{"date":350,"score":235,"percentile":351},"2026-01-19",0.02125,{"date":353,"score":235,"percentile":354},"2026-01-20",0.02111,{"date":356,"score":235,"percentile":357},"2026-01-21",0.02108,{"date":359,"score":235,"percentile":360},"2026-01-22",0.02103,{"date":362,"score":235,"percentile":363},"2026-01-23",0.02114,{"date":365,"score":235,"percentile":366},"2026-01-24",0.02131,{"date":368,"score":235,"percentile":351},"2026-01-25",{"date":370,"score":235,"percentile":371},"2026-01-26",0.0212,{"date":373,"score":235,"percentile":374},"2026-01-27",0.02121,{"date":376,"score":235,"percentile":377},"2026-01-28",0.02123,{"date":379,"score":235,"percentile":380},"2026-01-29",0.02139,{"date":382,"score":235,"percentile":383},"2026-01-30",0.02144,{"date":385,"score":235,"percentile":386},"2026-01-31",0.02165,{"date":388,"score":235,"percentile":389},"2026-02-01",0.02199,[391],{"source":93,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":392,"cvss_v4_0":9},{"baseScore":91,"baseSeverity":393,"vectorString":94,"impactScore":394,"exploitabilityScore":395},"HIGH",6,10,[397,405,420,429,436],{"ecosystem":9,"name":398,"vendor":399,"product":398,"cpe_part":400,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":401},"fedora","fedoraproject","o",[402],{"version":403,"is_range":87,"range_type":404,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35","cpe",{"ecosystem":9,"name":406,"vendor":407,"product":406,"cpe_part":408,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":409},"encoding/xml","go standard library","a",[410,415],{"version":411,"is_range":412,"range_type":99,"version_start":9,"version_start_type":9,"version_end":413,"version_end_type":414,"fixed_in":9},"\u003C 1.17.12",true,"1.17.12","excluding",{"version":416,"is_range":412,"range_type":99,"version_start":417,"version_start_type":418,"version_end":419,"version_end_type":414,"fixed_in":9},">= 1.18.0-0, \u003C 1.18.4","1.18.0-0","including","1.18.4",{"ecosystem":9,"name":421,"vendor":422,"product":421,"cpe_part":408,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":423},"go","golang",[424,426],{"version":425,"is_range":412,"range_type":404,"version_start":9,"version_start_type":9,"version_end":413,"version_end_type":414,"fixed_in":9},"lt1.17.12",{"version":427,"is_range":412,"range_type":404,"version_start":428,"version_start_type":418,"version_end":419,"version_end_type":414,"fixed_in":9},"gte1.18.0_lt1.18.4","1.18.0",{"ecosystem":430,"name":431,"vendor":430,"product":431,"cpe_part":9,"purl_type":422,"purl_namespace":9,"purl_name":431,"source":9,"versions":432},"Go","stdlib",[433],{"version":434,"is_range":412,"range_type":435,"version_start":417,"version_start_type":418,"version_end":419,"version_end_type":414,"fixed_in":9},"gte1_18_0_0_lt1_18_4","semver",{"ecosystem":9,"name":437,"vendor":438,"product":439,"cpe_part":408,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":440},"cloud insights telegraf","netapp","cloud_insights_telegraf",[441],{"version":442,"is_range":87,"range_type":404,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na"]