[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-41853":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":30,"aliases":31,"duplicate_of":9,"upstream":33,"downstream":34,"duplicates":61,"related":62,"reserved_at":9,"published_at":65,"modified_at":66,"state":67,"summary":68,"references_raw":76,"kevs":109,"epss":110,"epss_history":113,"metrics":336,"affected":349},"CVE-2022-41853","Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property \"hsqldb.method_class_names\" to classes which are allowed to be called. For example, System.setProperty(\"hsqldb.method_class_names\", \"abc\") or Java argument -Dhsqldb.method_class_names=\"abc\" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.",null,[11,23],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-470","Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')","The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-138","Reflection Injection",[],{"_key":24,"id":24,"name":25,"description":26,"type":27,"status":28,"abstraction":9,"likelihood_of_exploit":9,"capec":29},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[32],"GHSA-77xx-rxvh-q682",[],[35,37,39,41,43,45,47,49,51,53,55,57,59],{"_key":36},"RHSA-2022:8559",{"_key":38},"RHSA-2022:8560",{"_key":40},"SUSE-SU-2022:3864-1",{"_key":42},"SUSE-SU-2022:3823-1",{"_key":44},"DLA-3234-1",{"_key":46},"DSA-5313-1",{"_key":48},"DEBIAN-CVE-2022-41853",{"_key":50},"UBUNTU-CVE-2022-41853",{"_key":52},"RHSA-2024:10208",{"_key":54},"RHSA-2024:10207",{"_key":56},"RHSA-2023:1512",{"_key":58},"RHSA-2023:1513",{"_key":60},"RHSA-2023:1514",[],[63,64],{"_key":40},{"_key":42},"2022-10-06T17:14:43.225Z","2025-04-21T13:48:46.363Z","Modified",{"cisa_kev":69,"cisa_ransomware":69,"cisa_vendor":9,"epss_severity":70,"epss_score":71,"severity":70,"severity_score":72,"severity_version":73,"severity_source":74,"severity_vector":75,"severity_status":67},false,"critical",0.70144,9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[77,86,90,94,99,104],{"url":78,"sources":79,"tags":82},"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7",[80,74,81],"cve.org","osv_maven",[83,84,85],"Mailing List","Third Party Advisory","WEB",{"url":87,"sources":88,"tags":89},"http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control",[80,74,81],[84,85],{"url":91,"sources":92,"tags":93},"https://lists.debian.org/debian-lts-announce/2022/12/msg00020.html",[80,74,81],[83,84,85],{"url":95,"sources":96,"tags":97},"https://www.debian.org/security/2023/dsa-5313",[80,74,81],[98,84,85],"Vendor Advisory",{"url":100,"sources":101,"tags":102},"https://nvd.nist.gov/vuln/detail/CVE-2022-41853",[81],[103],"Advisory",{"url":105,"sources":106,"tags":107},"https://sourceforge.net/projects/hsqldb",[81],[108],"PACKAGE",[],{"date":111,"score":71,"percentile":112},"2026-06-04",0.98694,[114,118,121,124,127,129,131,133,135,137,139,141,143,145,147,151,154,157,159,161,164,166,168,170,172,176,179,181,184,187,190,193,196,199,201,203,205,208,211,214,216,219,221,223,225,228,230,233,235,237,239,241,244,246,249,252,254,256,259,262,265,268,271,274,276,278,281,284,286,288,290,292,294,296,298,301,303,305,307,309,311,314,316,318,321,323,326,328,330,333],{"date":115,"score":116,"percentile":117},"2025-11-04",0.70393,0.98613,{"date":119,"score":116,"percentile":120},"2025-11-05",0.98612,{"date":122,"score":116,"percentile":123},"2025-11-06",0.98611,{"date":125,"score":116,"percentile":126},"2025-11-07",0.9861,{"date":128,"score":116,"percentile":126},"2025-11-08",{"date":130,"score":116,"percentile":126},"2025-11-09",{"date":132,"score":116,"percentile":123},"2025-11-10",{"date":134,"score":116,"percentile":123},"2025-11-11",{"date":136,"score":116,"percentile":120},"2025-11-12",{"date":138,"score":116,"percentile":117},"2025-11-13",{"date":140,"score":116,"percentile":117},"2025-11-14",{"date":142,"score":116,"percentile":123},"2025-11-15",{"date":144,"score":116,"percentile":117},"2025-11-16",{"date":146,"score":116,"percentile":117},"2025-11-17",{"date":148,"score":149,"percentile":150},"2025-11-18",0.40035,0.97156,{"date":152,"score":149,"percentile":153},"2025-11-19",0.97157,{"date":155,"score":149,"percentile":156},"2025-11-20",0.97159,{"date":158,"score":116,"percentile":120},"2025-11-21",{"date":160,"score":116,"percentile":126},"2025-11-22",{"date":162,"score":116,"percentile":163},"2025-11-23",0.98609,{"date":165,"score":116,"percentile":163},"2025-11-24",{"date":167,"score":116,"percentile":123},"2025-11-25",{"date":169,"score":116,"percentile":123},"2025-11-26",{"date":171,"score":116,"percentile":123},"2025-11-27",{"date":173,"score":174,"percentile":175},"2025-11-28",0.7449,0.98783,{"date":177,"score":174,"percentile":178},"2025-11-29",0.98784,{"date":180,"score":174,"percentile":178},"2025-11-30",{"date":182,"score":116,"percentile":183},"2025-12-01",0.98624,{"date":185,"score":116,"percentile":186},"2025-12-02",0.98626,{"date":188,"score":116,"percentile":189},"2025-12-03",0.98628,{"date":191,"score":174,"percentile":192},"2025-12-04",0.98786,{"date":194,"score":174,"percentile":195},"2025-12-05",0.98788,{"date":197,"score":174,"percentile":198},"2025-12-06",0.98787,{"date":200,"score":174,"percentile":195},"2025-12-07",{"date":202,"score":174,"percentile":195},"2025-12-08",{"date":204,"score":174,"percentile":195},"2025-12-09",{"date":206,"score":174,"percentile":207},"2025-12-10",0.98789,{"date":209,"score":174,"percentile":210},"2025-12-11",0.9879,{"date":212,"score":174,"percentile":213},"2025-12-12",0.98791,{"date":215,"score":174,"percentile":213},"2025-12-13",{"date":217,"score":174,"percentile":218},"2025-12-14",0.98792,{"date":220,"score":174,"percentile":213},"2025-12-15",{"date":222,"score":174,"percentile":213},"2025-12-16",{"date":224,"score":174,"percentile":218},"2025-12-17",{"date":226,"score":174,"percentile":227},"2025-12-18",0.98794,{"date":229,"score":174,"percentile":227},"2025-12-19",{"date":231,"score":174,"percentile":232},"2025-12-20",0.98795,{"date":234,"score":174,"percentile":227},"2025-12-21",{"date":236,"score":174,"percentile":232},"2025-12-22",{"date":238,"score":174,"percentile":232},"2025-12-23",{"date":240,"score":174,"percentile":232},"2025-12-24",{"date":242,"score":174,"percentile":243},"2025-12-25",0.98796,{"date":245,"score":174,"percentile":243},"2025-12-26",{"date":247,"score":174,"percentile":248},"2025-12-27",0.98806,{"date":250,"score":174,"percentile":251},"2025-12-28",0.98797,{"date":253,"score":174,"percentile":251},"2025-12-29",{"date":255,"score":174,"percentile":251},"2025-12-30",{"date":257,"score":174,"percentile":258},"2025-12-31",0.98799,{"date":260,"score":116,"percentile":261},"2026-01-01",0.98642,{"date":263,"score":116,"percentile":264},"2026-01-02",0.98641,{"date":266,"score":116,"percentile":267},"2026-01-03",0.9864,{"date":269,"score":174,"percentile":270},"2026-01-04",0.988,{"date":272,"score":174,"percentile":273},"2026-01-05",0.98801,{"date":275,"score":174,"percentile":273},"2026-01-06",{"date":277,"score":174,"percentile":273},"2026-01-07",{"date":279,"score":174,"percentile":280},"2026-01-08",0.98802,{"date":282,"score":174,"percentile":283},"2026-01-09",0.98803,{"date":285,"score":174,"percentile":283},"2026-01-10",{"date":287,"score":174,"percentile":280},"2026-01-11",{"date":289,"score":174,"percentile":280},"2026-01-12",{"date":291,"score":174,"percentile":280},"2026-01-13",{"date":293,"score":174,"percentile":283},"2026-01-14",{"date":295,"score":71,"percentile":183},"2026-01-15",{"date":297,"score":71,"percentile":183},"2026-01-16",{"date":299,"score":71,"percentile":300},"2026-01-17",0.98625,{"date":302,"score":71,"percentile":300},"2026-01-18",{"date":304,"score":71,"percentile":186},"2026-01-19",{"date":306,"score":71,"percentile":300},"2026-01-20",{"date":308,"score":71,"percentile":186},"2026-01-21",{"date":310,"score":71,"percentile":189},"2026-01-22",{"date":312,"score":71,"percentile":313},"2026-01-23",0.98629,{"date":315,"score":71,"percentile":313},"2026-01-24",{"date":317,"score":71,"percentile":313},"2026-01-25",{"date":319,"score":71,"percentile":320},"2026-01-26",0.9863,{"date":322,"score":71,"percentile":320},"2026-01-27",{"date":324,"score":71,"percentile":325},"2026-01-28",0.98632,{"date":327,"score":71,"percentile":325},"2026-01-29",{"date":329,"score":71,"percentile":325},"2026-01-30",{"date":331,"score":71,"percentile":332},"2026-01-31",0.98631,{"date":334,"score":116,"percentile":335},"2026-02-01",0.98651,[337,344,347],{"source":80,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":338,"cvss_v4_0":9},{"baseScore":339,"baseSeverity":340,"vectorString":341,"impactScore":342,"exploitabilityScore":343},8,"HIGH","CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",10,3.3,{"source":74,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":345,"cvss_v4_0":9},{"baseScore":72,"baseSeverity":346,"vectorString":75,"impactScore":72,"exploitabilityScore":342},"CRITICAL",{"source":81,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":348,"cvss_v4_0":9},{"baseScore":72,"baseSeverity":9,"vectorString":75,"impactScore":72,"exploitabilityScore":342},[350,361,372,378],{"ecosystem":9,"name":351,"vendor":352,"product":353,"cpe_part":354,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":355},"debian linux","debian","debian_linux","o",[356,359],{"version":357,"is_range":69,"range_type":358,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"version":360,"is_range":69,"range_type":358,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":9,"name":362,"vendor":363,"product":364,"cpe_part":365,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":366},"hypersql database","hsqldb","hypersql_database","a",[367],{"version":368,"is_range":369,"range_type":358,"version_start":9,"version_start_type":9,"version_end":370,"version_end_type":371,"fixed_in":9},"lt2.7.1",true,"2.7.1","excluding",{"ecosystem":9,"name":363,"vendor":362,"product":363,"cpe_part":365,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":373},[374],{"version":375,"is_range":369,"range_type":80,"version_start":376,"version_start_type":377,"version_end":370,"version_end_type":371,"fixed_in":9},">= unspecified, \u003C 2.7.1","unspecified","including",{"ecosystem":379,"name":380,"vendor":381,"product":363,"cpe_part":9,"purl_type":382,"purl_namespace":381,"purl_name":363,"source":9,"versions":383},"Maven","org.hsqldb:hsqldb","org.hsqldb","maven",[384],{"version":385,"is_range":369,"range_type":386,"version_start":9,"version_start_type":9,"version_end":370,"version_end_type":371,"fixed_in":9},"lt2_7_1","ecosystem"]