[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-29804":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":44,"downstream":45,"duplicates":56,"related":57,"reserved_at":9,"published_at":63,"modified_at":64,"state":65,"summary":66,"references_raw":75,"kevs":101,"epss":102,"epss_history":105,"metrics":375,"affected":381},"CVE-2022-29804","Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[42,43],"GO-2022-0533","BIT-golang-2022-29804",[],[46,48,50,52,54],{"_key":47},"SUSE-SU-2022:2004-1",{"_key":49},"SUSE-SU-2022:2005-1",{"_key":51},"SUSE-SU-2023:2312-1",{"_key":53},"OPENSUSE-SU-2024:12123-1",{"_key":55},"OPENSUSE-SU-2024:12124-1",[],[58,59,60,61,62],{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},"2022-08-09T00:00:00.000Z","2024-08-03T06:33:42.804Z","Modified",{"cisa_kev":67,"cisa_ransomware":67,"cisa_vendor":9,"epss_severity":68,"epss_score":69,"severity":70,"severity_score":71,"severity_version":72,"severity_source":73,"severity_vector":74,"severity_status":65},false,"low",0.00048,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[76,83,87,92,97],{"url":77,"sources":78,"tags":81},"https://go.dev/cl/401595",[79,73,80],"cve.org","osv_go",[82],"FIX",{"url":84,"sources":85,"tags":86},"https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290",[79,73,80],[82],{"url":88,"sources":89,"tags":90},"https://go.dev/issue/52476",[79,73,80],[91],"REPORT",{"url":93,"sources":94,"tags":95},"https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ",[79,73,80],[96],"WEB",{"url":98,"sources":99,"tags":100},"https://pkg.go.dev/vuln/GO-2022-0533",[79,73],[],[],{"date":103,"score":69,"percentile":104},"2026-06-04",0.15308,[106,110,113,115,118,121,123,126,129,132,135,138,141,144,147,151,154,157,160,163,166,169,172,175,178,181,184,187,191,194,197,200,203,206,209,212,215,218,221,224,227,229,231,234,237,240,243,246,249,252,255,259,262,265,268,271,274,277,280,284,287,290,293,296,299,302,305,308,311,314,317,320,323,326,328,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372],{"date":107,"score":108,"percentile":109},"2025-11-04",0.00165,0.38108,{"date":111,"score":108,"percentile":112},"2025-11-05",0.38102,{"date":114,"score":108,"percentile":112},"2025-11-06",{"date":116,"score":108,"percentile":117},"2025-11-07",0.38124,{"date":119,"score":108,"percentile":120},"2025-11-08",0.38125,{"date":122,"score":108,"percentile":109},"2025-11-09",{"date":124,"score":108,"percentile":125},"2025-11-10",0.3807,{"date":127,"score":108,"percentile":128},"2025-11-11",0.38093,{"date":130,"score":108,"percentile":131},"2025-11-12",0.38134,{"date":133,"score":108,"percentile":134},"2025-11-13",0.38147,{"date":136,"score":108,"percentile":137},"2025-11-14",0.38149,{"date":139,"score":108,"percentile":140},"2025-11-15",0.38144,{"date":142,"score":108,"percentile":143},"2025-11-16",0.38126,{"date":145,"score":108,"percentile":146},"2025-11-17",0.38106,{"date":148,"score":149,"percentile":150},"2025-11-18",0.00766,0.7128,{"date":152,"score":149,"percentile":153},"2025-11-19",0.71287,{"date":155,"score":149,"percentile":156},"2025-11-20",0.71295,{"date":158,"score":108,"percentile":159},"2025-11-21",0.38109,{"date":161,"score":108,"percentile":162},"2025-11-22",0.38113,{"date":164,"score":108,"percentile":165},"2025-11-23",0.38078,{"date":167,"score":108,"percentile":168},"2025-11-24",0.38066,{"date":170,"score":108,"percentile":171},"2025-11-25",0.38076,{"date":173,"score":108,"percentile":174},"2025-11-26",0.38067,{"date":176,"score":108,"percentile":177},"2025-11-27",0.38075,{"date":179,"score":108,"percentile":180},"2025-11-28",0.38048,{"date":182,"score":108,"percentile":183},"2025-11-29",0.38027,{"date":185,"score":108,"percentile":186},"2025-11-30",0.38014,{"date":188,"score":189,"percentile":190},"2025-12-01",0.00124,0.32299,{"date":192,"score":189,"percentile":193},"2025-12-02",0.32327,{"date":195,"score":189,"percentile":196},"2025-12-03",0.32325,{"date":198,"score":108,"percentile":199},"2025-12-04",0.38009,{"date":201,"score":108,"percentile":202},"2025-12-05",0.38043,{"date":204,"score":108,"percentile":205},"2025-12-06",0.38041,{"date":207,"score":108,"percentile":208},"2025-12-07",0.38017,{"date":210,"score":108,"percentile":211},"2025-12-08",0.38032,{"date":213,"score":108,"percentile":214},"2025-12-09",0.38072,{"date":216,"score":108,"percentile":217},"2025-12-10",0.38133,{"date":219,"score":108,"percentile":220},"2025-12-11",0.38158,{"date":222,"score":108,"percentile":223},"2025-12-12",0.38192,{"date":225,"score":108,"percentile":226},"2025-12-13",0.38169,{"date":228,"score":108,"percentile":217},"2025-12-14",{"date":230,"score":108,"percentile":146},"2025-12-15",{"date":232,"score":108,"percentile":233},"2025-12-16",0.38138,{"date":235,"score":108,"percentile":236},"2025-12-17",0.38183,{"date":238,"score":108,"percentile":239},"2025-12-18",0.38227,{"date":241,"score":108,"percentile":242},"2025-12-19",0.38249,{"date":244,"score":108,"percentile":245},"2025-12-20",0.38229,{"date":247,"score":108,"percentile":248},"2025-12-21",0.38176,{"date":250,"score":108,"percentile":251},"2025-12-22",0.3815,{"date":253,"score":108,"percentile":254},"2025-12-23",0.38151,{"date":256,"score":257,"percentile":258},"2025-12-24",0.00082,0.24551,{"date":260,"score":257,"percentile":261},"2025-12-25",0.24633,{"date":263,"score":257,"percentile":264},"2025-12-26",0.24619,{"date":266,"score":257,"percentile":267},"2025-12-27",0.24613,{"date":269,"score":257,"percentile":270},"2025-12-28",0.24483,{"date":272,"score":257,"percentile":273},"2025-12-29",0.24452,{"date":275,"score":257,"percentile":276},"2025-12-30",0.24447,{"date":278,"score":257,"percentile":279},"2025-12-31",0.24521,{"date":281,"score":282,"percentile":283},"2026-01-01",0.00054,0.17101,{"date":285,"score":282,"percentile":286},"2026-01-02",0.1709,{"date":288,"score":282,"percentile":289},"2026-01-03",0.17071,{"date":291,"score":257,"percentile":292},"2026-01-04",0.24497,{"date":294,"score":257,"percentile":295},"2026-01-05",0.24479,{"date":297,"score":257,"percentile":298},"2026-01-06",0.24488,{"date":300,"score":257,"percentile":301},"2026-01-07",0.24519,{"date":303,"score":257,"percentile":304},"2026-01-08",0.24564,{"date":306,"score":257,"percentile":307},"2026-01-09",0.24543,{"date":309,"score":257,"percentile":310},"2026-01-10",0.24515,{"date":312,"score":257,"percentile":313},"2026-01-11",0.24493,{"date":315,"score":257,"percentile":316},"2026-01-12",0.24458,{"date":318,"score":257,"percentile":319},"2026-01-13",0.24435,{"date":321,"score":257,"percentile":322},"2026-01-14",0.24496,{"date":324,"score":257,"percentile":325},"2026-01-15",0.24489,{"date":327,"score":257,"percentile":301},"2026-01-16",{"date":329,"score":257,"percentile":279},"2026-01-17",{"date":331,"score":257,"percentile":332},"2026-01-18",0.24494,{"date":334,"score":257,"percentile":335},"2026-01-19",0.24451,{"date":337,"score":257,"percentile":338},"2026-01-20",0.24433,{"date":340,"score":257,"percentile":341},"2026-01-21",0.24382,{"date":343,"score":257,"percentile":344},"2026-01-22",0.24366,{"date":346,"score":257,"percentile":347},"2026-01-23",0.24449,{"date":349,"score":257,"percentile":350},"2026-01-24",0.24457,{"date":352,"score":257,"percentile":353},"2026-01-25",0.24376,{"date":355,"score":257,"percentile":356},"2026-01-26",0.24276,{"date":358,"score":257,"percentile":359},"2026-01-27",0.2427,{"date":361,"score":257,"percentile":362},"2026-01-28",0.24265,{"date":364,"score":257,"percentile":365},"2026-01-29",0.2422,{"date":367,"score":257,"percentile":368},"2026-01-30",0.24205,{"date":370,"score":257,"percentile":371},"2026-01-31",0.24201,{"date":373,"score":282,"percentile":374},"2026-02-01",0.16835,[376],{"source":73,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":377,"cvss_v4_0":9},{"baseScore":71,"baseSeverity":378,"vectorString":74,"impactScore":379,"exploitabilityScore":380},"HIGH",6,10,[382,397,407],{"ecosystem":9,"name":383,"vendor":384,"product":383,"cpe_part":385,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":386},"path/filepath","go standard library","a",[387,392],{"version":388,"is_range":389,"range_type":79,"version_start":9,"version_start_type":9,"version_end":390,"version_end_type":391,"fixed_in":9},"\u003C 1.17.11",true,"1.17.11","excluding",{"version":393,"is_range":389,"range_type":79,"version_start":394,"version_start_type":395,"version_end":396,"version_end_type":391,"fixed_in":9},">= 1.18.0-0, \u003C 1.18.3","1.18.0-0","including","1.18.3",{"ecosystem":9,"name":398,"vendor":399,"product":398,"cpe_part":385,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":400},"go","golang",[401,404],{"version":402,"is_range":389,"range_type":403,"version_start":9,"version_start_type":9,"version_end":390,"version_end_type":391,"fixed_in":9},"lt1.17.11","cpe",{"version":405,"is_range":389,"range_type":403,"version_start":406,"version_start_type":395,"version_end":396,"version_end_type":391,"fixed_in":9},"gte1.18.0_lt1.18.3","1.18.0",{"ecosystem":408,"name":409,"vendor":408,"product":409,"cpe_part":9,"purl_type":399,"purl_namespace":9,"purl_name":409,"source":9,"versions":410},"Go","stdlib",[411],{"version":412,"is_range":389,"range_type":413,"version_start":394,"version_start_type":395,"version_end":396,"version_end_type":391,"fixed_in":9},"gte1_18_0_0_lt1_18_3","semver"]