[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-41722":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":44,"downstream":45,"duplicates":60,"related":61,"reserved_at":9,"published_at":74,"modified_at":75,"state":76,"summary":77,"references_raw":86,"kevs":111,"epss":112,"epss_history":115,"metrics":386,"affected":392},"CVE-2022-41722","A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[42,43],"GO-2023-1568","BIT-golang-2022-41722",[],[46,48,50,52,54,56,58],{"_key":47},"SUSE-SU-2023:0733-1",{"_key":49},"SUSE-SU-2023:0735-1",{"_key":51},"OPENSUSE-SU-2024:12707-1",{"_key":53},"OPENSUSE-SU-2024:12708-1",{"_key":55},"DEBIAN-CVE-2022-41722",{"_key":57},"RHSA-2023:3366",{"_key":59},"RHSA-2023:1325",[],[62,63,64,65,66,68,70,72],{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":67},"CGA-F3QC-96RJ-FJGQ",{"_key":69},"CGA-G8M9-C378-739X",{"_key":71},"CGA-H65W-X6JC-73GV",{"_key":73},"CGA-725C-VC33-7HWF","2023-02-28T17:19:41.324Z","2025-03-07T17:58:57.055Z","Modified",{"cisa_kev":78,"cisa_ransomware":78,"cisa_vendor":9,"epss_severity":79,"epss_score":80,"severity":81,"severity_score":82,"severity_version":83,"severity_source":84,"severity_vector":85,"severity_status":76},false,"low",0.00333,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[87,95,100,107],{"url":88,"sources":89,"tags":92},"https://go.dev/issue/57274",[90,84,91],"cve.org","osv_go",[93,94],"Issue Tracking","REPORT",{"url":96,"sources":97,"tags":98},"https://go.dev/cl/468123",[90,84,91],[93,99],"FIX",{"url":101,"sources":102,"tags":103},"https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",[90,84,91],[104,105,106],"Mailing List","Vendor Advisory","WEB",{"url":108,"sources":109,"tags":110},"https://pkg.go.dev/vuln/GO-2023-1568",[90,84],[105],[],{"date":113,"score":80,"percentile":114},"2026-06-04",0.56394,[116,120,123,126,128,131,134,137,140,143,145,148,151,154,157,161,164,167,170,173,176,179,182,185,188,191,194,197,201,204,207,210,213,216,219,222,225,228,231,234,238,241,244,247,250,253,256,259,262,265,268,271,274,277,280,283,286,289,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,380,383],{"date":117,"score":118,"percentile":119},"2025-11-04",0.00083,0.25003,{"date":121,"score":118,"percentile":122},"2025-11-05",0.24986,{"date":124,"score":118,"percentile":125},"2025-11-06",0.2499,{"date":127,"score":118,"percentile":125},"2025-11-07",{"date":129,"score":118,"percentile":130},"2025-11-08",0.24992,{"date":132,"score":118,"percentile":133},"2025-11-09",0.24952,{"date":135,"score":118,"percentile":136},"2025-11-10",0.24916,{"date":138,"score":118,"percentile":139},"2025-11-11",0.2492,{"date":141,"score":118,"percentile":142},"2025-11-12",0.24946,{"date":144,"score":118,"percentile":142},"2025-11-13",{"date":146,"score":118,"percentile":147},"2025-11-14",0.24938,{"date":149,"score":118,"percentile":150},"2025-11-15",0.24926,{"date":152,"score":118,"percentile":153},"2025-11-16",0.2488,{"date":155,"score":118,"percentile":156},"2025-11-17",0.24838,{"date":158,"score":159,"percentile":160},"2025-11-18",0.00252,0.45225,{"date":162,"score":159,"percentile":163},"2025-11-19",0.45234,{"date":165,"score":159,"percentile":166},"2025-11-20",0.4524,{"date":168,"score":118,"percentile":169},"2025-11-21",0.24764,{"date":171,"score":118,"percentile":172},"2025-11-22",0.2476,{"date":174,"score":118,"percentile":175},"2025-11-23",0.24708,{"date":177,"score":118,"percentile":178},"2025-11-24",0.2468,{"date":180,"score":118,"percentile":181},"2025-11-25",0.24666,{"date":183,"score":118,"percentile":184},"2025-11-26",0.24656,{"date":186,"score":118,"percentile":187},"2025-11-27",0.24654,{"date":189,"score":118,"percentile":190},"2025-11-28",0.24629,{"date":192,"score":118,"percentile":193},"2025-11-29",0.24617,{"date":195,"score":118,"percentile":196},"2025-11-30",0.2459,{"date":198,"score":199,"percentile":200},"2025-12-01",0.00169,0.38519,{"date":202,"score":199,"percentile":203},"2025-12-02",0.3853,{"date":205,"score":199,"percentile":206},"2025-12-03",0.38529,{"date":208,"score":199,"percentile":209},"2025-12-04",0.38395,{"date":211,"score":199,"percentile":212},"2025-12-05",0.38428,{"date":214,"score":199,"percentile":215},"2025-12-06",0.38426,{"date":217,"score":199,"percentile":218},"2025-12-07",0.38403,{"date":220,"score":199,"percentile":221},"2025-12-08",0.38418,{"date":223,"score":199,"percentile":224},"2025-12-09",0.38459,{"date":226,"score":199,"percentile":227},"2025-12-10",0.38518,{"date":229,"score":199,"percentile":230},"2025-12-11",0.38548,{"date":232,"score":199,"percentile":233},"2025-12-12",0.38581,{"date":235,"score":236,"percentile":237},"2025-12-13",0.00175,0.39413,{"date":239,"score":236,"percentile":240},"2025-12-14",0.39376,{"date":242,"score":236,"percentile":243},"2025-12-15",0.39353,{"date":245,"score":236,"percentile":246},"2025-12-16",0.39382,{"date":248,"score":236,"percentile":249},"2025-12-17",0.39427,{"date":251,"score":236,"percentile":252},"2025-12-18",0.39474,{"date":254,"score":236,"percentile":255},"2025-12-19",0.39489,{"date":257,"score":236,"percentile":258},"2025-12-20",0.39464,{"date":260,"score":236,"percentile":261},"2025-12-21",0.39419,{"date":263,"score":236,"percentile":264},"2025-12-22",0.39391,{"date":266,"score":236,"percentile":267},"2025-12-23",0.39395,{"date":269,"score":236,"percentile":270},"2025-12-24",0.39411,{"date":272,"score":236,"percentile":273},"2025-12-25",0.39463,{"date":275,"score":236,"percentile":276},"2025-12-26",0.39444,{"date":278,"score":236,"percentile":279},"2025-12-27",0.39465,{"date":281,"score":236,"percentile":282},"2025-12-28",0.39361,{"date":284,"score":236,"percentile":285},"2025-12-29",0.39333,{"date":287,"score":236,"percentile":288},"2025-12-30",0.39321,{"date":290,"score":236,"percentile":240},"2025-12-31",{"date":292,"score":236,"percentile":293},"2026-01-01",0.39526,{"date":295,"score":236,"percentile":296},"2026-01-02",0.39503,{"date":298,"score":236,"percentile":299},"2026-01-03",0.39495,{"date":301,"score":236,"percentile":302},"2026-01-04",0.39328,{"date":304,"score":236,"percentile":305},"2026-01-05",0.39303,{"date":307,"score":236,"percentile":308},"2026-01-06",0.39308,{"date":310,"score":236,"percentile":311},"2026-01-07",0.39331,{"date":313,"score":236,"percentile":314},"2026-01-08",0.39355,{"date":316,"score":236,"percentile":317},"2026-01-09",0.39341,{"date":319,"score":236,"percentile":320},"2026-01-10",0.3934,{"date":322,"score":236,"percentile":323},"2026-01-11",0.39316,{"date":325,"score":236,"percentile":326},"2026-01-12",0.39266,{"date":328,"score":236,"percentile":329},"2026-01-13",0.39249,{"date":331,"score":236,"percentile":332},"2026-01-14",0.393,{"date":334,"score":236,"percentile":335},"2026-01-15",0.39293,{"date":337,"score":236,"percentile":338},"2026-01-16",0.39313,{"date":340,"score":236,"percentile":341},"2026-01-17",0.39285,{"date":343,"score":236,"percentile":344},"2026-01-18",0.39236,{"date":346,"score":236,"percentile":347},"2026-01-19",0.39207,{"date":349,"score":236,"percentile":350},"2026-01-20",0.39185,{"date":352,"score":236,"percentile":353},"2026-01-21",0.39179,{"date":355,"score":236,"percentile":356},"2026-01-22",0.39171,{"date":358,"score":236,"percentile":359},"2026-01-23",0.39232,{"date":361,"score":236,"percentile":362},"2026-01-24",0.39238,{"date":364,"score":236,"percentile":365},"2026-01-25",0.39191,{"date":367,"score":236,"percentile":368},"2026-01-26",0.39132,{"date":370,"score":236,"percentile":371},"2026-01-27",0.39131,{"date":373,"score":236,"percentile":374},"2026-01-28",0.39121,{"date":376,"score":236,"percentile":377},"2026-01-29",0.39101,{"date":379,"score":236,"percentile":377},"2026-01-30",{"date":381,"score":236,"percentile":382},"2026-01-31",0.39108,{"date":384,"score":236,"percentile":385},"2026-02-01",0.39213,[387],{"source":84,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":388,"cvss_v4_0":9},{"baseScore":82,"baseSeverity":389,"vectorString":85,"impactScore":390,"exploitabilityScore":391},"HIGH",6,10,[393,408,417],{"ecosystem":9,"name":394,"vendor":395,"product":394,"cpe_part":396,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":397},"path/filepath","go standard library","a",[398,403],{"version":399,"is_range":400,"range_type":90,"version_start":9,"version_start_type":9,"version_end":401,"version_end_type":402,"fixed_in":9},"\u003C 1.19.6",true,"1.19.6","excluding",{"version":404,"is_range":400,"range_type":90,"version_start":405,"version_start_type":406,"version_end":407,"version_end_type":402,"fixed_in":9},">= 1.20.0-0, \u003C 1.20.1","1.20.0-0","including","1.20.1",{"ecosystem":9,"name":409,"vendor":410,"product":409,"cpe_part":396,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":411},"go","golang",[412,415],{"version":413,"is_range":400,"range_type":414,"version_start":9,"version_start_type":9,"version_end":401,"version_end_type":402,"fixed_in":9},"lt1.19.6","cpe",{"version":416,"is_range":78,"range_type":414,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.20.0",{"ecosystem":418,"name":419,"vendor":418,"product":419,"cpe_part":9,"purl_type":410,"purl_namespace":9,"purl_name":419,"source":9,"versions":420},"Go","stdlib",[421],{"version":422,"is_range":400,"range_type":423,"version_start":405,"version_start_type":406,"version_end":407,"version_end_type":402,"fixed_in":9},"gte1_20_0_0_lt1_20_1","semver"]