[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-31015":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":34,"aliases":44,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":53,"related":54,"reserved_at":9,"published_at":56,"modified_at":57,"state":58,"summary":59,"references_raw":67,"kevs":109,"epss":110,"epss_history":113,"metrics":381,"affected":402},"CVE-2022-31015","Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.",null,[11,19],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-248","Uncaught Exception","An exception is thrown from a function, but it is not caught.","weakness","Draft","Base",[],{"_key":20,"id":20,"name":21,"description":22,"type":15,"status":16,"abstraction":23,"likelihood_of_exploit":24,"capec":25},"CWE-362","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.","Class","Medium",[26,30],{"id":27,"name":28,"techniques":29},"CAPEC-26","Leveraging Race Conditions",[],{"id":31,"name":32,"techniques":33},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[35],{"_key":36,"name":37,"source":38,"url":39,"maturity":40,"reliability_score":41,"verified":42,"type":9,"platforms":43,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PYLONS_WAITRESS","Waitress","github","https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p","poc",0.3,false,[],[45,46],"GHSA-f5x9-8jwc-25rw","PYSEC-2022-205",[],[49,51],{"_key":50},"OPENSUSE-SU-2025:15108-1",{"_key":52},"DEBIAN-CVE-2022-31015",[],[55],{"_key":50},"2022-05-31T22:50:12.000Z","2025-04-22T17:55:26.641Z","Modified",{"cisa_kev":42,"cisa_ransomware":42,"cisa_vendor":9,"epss_severity":60,"epss_score":61,"severity":62,"severity_score":63,"severity_version":64,"severity_source":65,"severity_vector":66,"severity_status":58},"low",0.00483,"medium",6.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[68,78,87,91,96,100,105],{"url":69,"sources":70,"tags":73},"https://github.com/Pylons/waitress/security/advisories/GHSA-f5x9-8jwc-25rw",[65,71,72],"nvd","osv_pypi",[74,75,76,77],"X Refsource CONFIRM","Third Party Advisory","WEB","Advisory",{"url":79,"sources":80,"tags":81},"https://github.com/Pylons/waitress/issues/374",[65,71,72],[82,83,84,85,75,76,86],"X Refsource MISC","Exploit","Issue Tracking","Patch","REPORT",{"url":88,"sources":89,"tags":90},"https://github.com/Pylons/waitress/pull/377",[65,71,72],[82,84,85,75,76],{"url":92,"sources":93,"tags":94},"https://github.com/Pylons/waitress/commit/4f6789b035610e0552738cdc4b35ca809a592d48",[65,71,72],[82,85,75,76,95],"FIX",{"url":97,"sources":98,"tags":99},"https://nvd.nist.gov/vuln/detail/CVE-2022-31015",[72],[77],{"url":101,"sources":102,"tags":103},"https://github.com/Pylons/waitress",[72],[104],"PACKAGE",{"url":106,"sources":107,"tags":108},"https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2022-205.yaml",[72],[76],[],{"date":111,"score":61,"percentile":112},"2026-06-04",0.65588,[114,118,121,124,127,130,133,136,139,142,145,148,151,154,157,161,164,167,170,173,176,180,183,186,189,192,195,198,201,204,207,210,213,216,219,222,225,228,230,233,236,239,242,244,247,250,253,256,259,262,265,268,271,274,277,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,329,331,334,337,340,343,346,349,352,355,358,360,363,366,369,372,375,378],{"date":115,"score":116,"percentile":117},"2025-11-04",0.00141,0.34816,{"date":119,"score":116,"percentile":120},"2025-11-05",0.34805,{"date":122,"score":116,"percentile":123},"2025-11-06",0.34803,{"date":125,"score":116,"percentile":126},"2025-11-07",0.34824,{"date":128,"score":116,"percentile":129},"2025-11-08",0.34818,{"date":131,"score":116,"percentile":132},"2025-11-09",0.34801,{"date":134,"score":116,"percentile":135},"2025-11-10",0.34748,{"date":137,"score":116,"percentile":138},"2025-11-11",0.34778,{"date":140,"score":116,"percentile":141},"2025-11-12",0.34822,{"date":143,"score":116,"percentile":144},"2025-11-13",0.34838,{"date":146,"score":116,"percentile":147},"2025-11-14",0.34844,{"date":149,"score":116,"percentile":150},"2025-11-15",0.34843,{"date":152,"score":116,"percentile":153},"2025-11-16",0.34817,{"date":155,"score":116,"percentile":156},"2025-11-17",0.34792,{"date":158,"score":159,"percentile":160},"2025-11-18",0.00463,0.61629,{"date":162,"score":159,"percentile":163},"2025-11-19",0.61644,{"date":165,"score":159,"percentile":166},"2025-11-20",0.61634,{"date":168,"score":116,"percentile":169},"2025-11-21",0.34828,{"date":171,"score":116,"percentile":172},"2025-11-22",0.34832,{"date":174,"score":116,"percentile":175},"2025-11-23",0.348,{"date":177,"score":178,"percentile":179},"2025-11-24",0.00148,0.35871,{"date":181,"score":178,"percentile":182},"2025-11-25",0.35873,{"date":184,"score":178,"percentile":185},"2025-11-26",0.3587,{"date":187,"score":178,"percentile":188},"2025-11-27",0.3588,{"date":190,"score":178,"percentile":191},"2025-11-28",0.35858,{"date":193,"score":178,"percentile":194},"2025-11-29",0.3584,{"date":196,"score":178,"percentile":197},"2025-11-30",0.35827,{"date":199,"score":178,"percentile":200},"2025-12-01",0.35938,{"date":202,"score":178,"percentile":203},"2025-12-02",0.35946,{"date":205,"score":178,"percentile":206},"2025-12-03",0.35942,{"date":208,"score":178,"percentile":209},"2025-12-04",0.35818,{"date":211,"score":178,"percentile":212},"2025-12-05",0.35848,{"date":214,"score":178,"percentile":215},"2025-12-06",0.35836,{"date":217,"score":178,"percentile":218},"2025-12-07",0.35806,{"date":220,"score":178,"percentile":221},"2025-12-08",0.35821,{"date":223,"score":178,"percentile":224},"2025-12-09",0.3586,{"date":226,"score":178,"percentile":227},"2025-12-10",0.35916,{"date":229,"score":178,"percentile":206},"2025-12-11",{"date":231,"score":178,"percentile":232},"2025-12-12",0.35976,{"date":234,"score":178,"percentile":235},"2025-12-13",0.35954,{"date":237,"score":178,"percentile":238},"2025-12-14",0.35925,{"date":240,"score":178,"percentile":241},"2025-12-15",0.35886,{"date":243,"score":178,"percentile":227},"2025-12-16",{"date":245,"score":178,"percentile":246},"2025-12-17",0.35963,{"date":248,"score":178,"percentile":249},"2025-12-18",0.36005,{"date":251,"score":178,"percentile":252},"2025-12-19",0.36022,{"date":254,"score":178,"percentile":255},"2025-12-20",0.36003,{"date":257,"score":178,"percentile":258},"2025-12-21",0.35951,{"date":260,"score":178,"percentile":261},"2025-12-22",0.35926,{"date":263,"score":178,"percentile":264},"2025-12-23",0.35922,{"date":266,"score":178,"percentile":267},"2025-12-24",0.35915,{"date":269,"score":178,"percentile":270},"2025-12-25",0.35979,{"date":272,"score":178,"percentile":273},"2025-12-26",0.35958,{"date":275,"score":178,"percentile":276},"2025-12-27",0.35974,{"date":278,"score":178,"percentile":188},"2025-12-28",{"date":280,"score":178,"percentile":281},"2025-12-29",0.35853,{"date":283,"score":178,"percentile":284},"2025-12-30",0.35843,{"date":286,"score":178,"percentile":287},"2025-12-31",0.359,{"date":289,"score":178,"percentile":290},"2026-01-01",0.36042,{"date":292,"score":178,"percentile":293},"2026-01-02",0.36032,{"date":295,"score":178,"percentile":296},"2026-01-03",0.36017,{"date":298,"score":178,"percentile":299},"2026-01-04",0.35863,{"date":301,"score":178,"percentile":302},"2026-01-05",0.35844,{"date":304,"score":178,"percentile":305},"2026-01-06",0.35854,{"date":307,"score":178,"percentile":308},"2026-01-07",0.35872,{"date":310,"score":178,"percentile":311},"2026-01-08",0.35902,{"date":313,"score":178,"percentile":314},"2026-01-09",0.35898,{"date":316,"score":178,"percentile":317},"2026-01-10",0.35904,{"date":319,"score":178,"percentile":320},"2026-01-11",0.35884,{"date":322,"score":178,"percentile":323},"2026-01-12",0.35822,{"date":325,"score":178,"percentile":326},"2026-01-13",0.35808,{"date":328,"score":178,"percentile":191},"2026-01-14",{"date":330,"score":178,"percentile":302},"2026-01-15",{"date":332,"score":178,"percentile":333},"2026-01-16",0.35862,{"date":335,"score":178,"percentile":336},"2026-01-17",0.35846,{"date":338,"score":178,"percentile":339},"2026-01-18",0.35788,{"date":341,"score":178,"percentile":342},"2026-01-19",0.35747,{"date":344,"score":178,"percentile":345},"2026-01-20",0.35728,{"date":347,"score":178,"percentile":348},"2026-01-21",0.35708,{"date":350,"score":178,"percentile":351},"2026-01-22",0.35695,{"date":353,"score":178,"percentile":354},"2026-01-23",0.35753,{"date":356,"score":178,"percentile":357},"2026-01-24",0.35762,{"date":359,"score":178,"percentile":348},"2026-01-25",{"date":361,"score":178,"percentile":362},"2026-01-26",0.3564,{"date":364,"score":178,"percentile":365},"2026-01-27",0.35634,{"date":367,"score":178,"percentile":368},"2026-01-28",0.35614,{"date":370,"score":178,"percentile":371},"2026-01-29",0.35584,{"date":373,"score":178,"percentile":374},"2026-01-30",0.35579,{"date":376,"score":178,"percentile":377},"2026-01-31",0.35589,{"date":379,"score":178,"percentile":380},"2026-02-01",0.35699,[382,387,397],{"source":65,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":383,"cvss_v4_0":9},{"baseScore":63,"baseSeverity":384,"vectorString":66,"impactScore":385,"exploitabilityScore":386},"MEDIUM",6,7.2,{"source":71,"cvss_v2_0":388,"cvss_v3_0":9,"cvss_v3_1":393,"cvss_v4_0":9},{"baseScore":389,"baseSeverity":9,"vectorString":390,"impactScore":391,"exploitabilityScore":392},4.3,"AV:N/AC:M/Au:N/C:N/I:N/A:P",2.9,8.6,{"baseScore":394,"baseSeverity":384,"vectorString":395,"impactScore":385,"exploitabilityScore":396},5.9,"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",5.6,{"source":72,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":398,"cvss_v4_0":399},{"baseScore":63,"baseSeverity":9,"vectorString":66,"impactScore":385,"exploitabilityScore":386},{"baseScore":400,"baseSeverity":9,"vectorString":401,"impactScore":9,"exploitabilityScore":9},7.1,"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",[403,416,421],{"ecosystem":9,"name":404,"vendor":405,"product":404,"cpe_part":406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":407},"waitress","agendaless","a",[408],{"version":409,"is_range":410,"range_type":411,"version_start":412,"version_start_type":413,"version_end":414,"version_end_type":415,"fixed_in":9},"gte2.1.0_lt2.1.2",true,"cpe","2.1.0","including","2.1.2","excluding",{"ecosystem":9,"name":37,"vendor":417,"product":404,"cpe_part":406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":418},"pylons",[419],{"version":420,"is_range":410,"range_type":65,"version_start":412,"version_start_type":413,"version_end":414,"version_end_type":415,"fixed_in":9},">= 2.1.0, \u003C 2.1.2",{"ecosystem":422,"name":404,"vendor":422,"product":404,"cpe_part":9,"purl_type":423,"purl_namespace":9,"purl_name":404,"source":9,"versions":424},"PyPI","pypi",[425,429],{"version":426,"is_range":410,"range_type":427,"version_start":9,"version_start_type":9,"version_end":428,"version_end_type":415,"fixed_in":9},"lt4f6789b035610e0552738cdc4b35ca809a592d48","ecosystem","4f6789b035610e0552738cdc4b35ca809a592d48",{"version":430,"is_range":410,"range_type":427,"version_start":412,"version_start_type":413,"version_end":414,"version_end_type":415,"fixed_in":9},"gte2_1_0_lt2_1_2"]