[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-39318":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":102,"related":103,"reserved_at":9,"published_at":119,"modified_at":120,"state":121,"summary":122,"references_raw":131,"kevs":167,"epss":168,"epss_history":171,"metrics":435,"affected":441},"CVE-2023-39318","The html/template package does not properly handle HTML-like \"\u003C!--\" and \"-->\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003Cscript> contexts. This may cause the template parser to improperly interpret the contents of \u003Cscript> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX 
Footprinting",[],[],[46,47],"GO-2023-2041","BIT-golang-2023-39318",[],[50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100],{"_key":51},"SUSE-SU-2023:3840-1",{"_key":53},"OPENSUSE-SU-2023:0360-1",{"_key":55},"SUSE-SU-2023:3700-1",{"_key":57},"SUSE-SU-2023:3701-1",{"_key":59},"SUSE-SU-2023:4469-1",{"_key":61},"OPENSUSE-SU-2024:13216-1",{"_key":63},"OPENSUSE-SU-2024:13217-1",{"_key":65},"USN-6574-1",{"_key":67},"USN-7061-1",{"_key":69},"DEBIAN-CVE-2023-39318",{"_key":71},"UBUNTU-CVE-2023-39318",{"_key":73},"USN-7109-1",{"_key":75},"RHBA-2023:6364",{"_key":77},"RHBA-2023:6928",{"_key":79},"RHSA-2023:7762",{"_key":81},"RHSA-2023:7764",{"_key":83},"RHSA-2023:7765",{"_key":85},"RHSA-2023:7766",{"_key":87},"RHSA-2024:0121",{"_key":89},"RHSA-2023:5008",{"_key":91},"RHSA-2023:5009",{"_key":93},"RHSA-2023:6840",{"_key":95},"RHSA-2024:2160",{"_key":97},"RHSA-2024:2988",{"_key":99},"RHSA-2024:3352",{"_key":101},"RHSA-2024:3467",[],[104,105,106,107,108,109,110,111,113,115,117],{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":112},"CGA-CHJG-48J4-GF85",{"_key":114},"CGA-JH9G-37WG-XGW7",{"_key":116},"CGA-VVMJ-M8JV-Q296",{"_key":118},"CGA-924C-64FP-86W2","2023-09-08T16:13:24.063Z","2025-02-13T17:02:46.777Z","Modified",{"cisa_kev":123,"cisa_ransomware":123,"cisa_vendor":9,"epss_severity":124,"epss_score":125,"severity":126,"severity_score":127,"severity_version":128,"severity_source":129,"severity_vector":130,"severity_status":121},false,"low",0.00087,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[132,140,146,153,158,163],{"url":133,"sources":134,"tags":137},"https://go.dev/issue/62196",[135,129,136],"cve.org","osv_go",[138,139],"Issue 
Tracking","REPORT",{"url":141,"sources":142,"tags":143},"https://go.dev/cl/526156",[135,129,136],[144,145],"Patch","FIX",{"url":147,"sources":148,"tags":149},"https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",[135,129,136],[150,151,152],"Mailing List","Release Notes","WEB",{"url":154,"sources":155,"tags":156},"https://pkg.go.dev/vuln/GO-2023-2041",[135,129],[157],"Vendor Advisory",{"url":159,"sources":160,"tags":161},"https://security.netapp.com/advisory/ntap-20231020-0009/",[135,129],[162],"Third Party Advisory",{"url":164,"sources":165,"tags":166},"https://security.gentoo.org/glsa/202311-09",[135,129],[],[],{"date":169,"score":125,"percentile":170},"2026-06-04",0.24918,[172,176,179,182,185,187,190,193,196,199,201,204,207,210,213,217,220,223,226,229,232,235,238,241,244,247,250,253,256,259,261,264,267,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,314,316,318,321,324,327,329,332,335,338,341,344,347,350,352,355,358,361,364,367,370,373,376,379,382,384,387,390,393,396,399,402,405,408,411,414,417,420,423,426,429,432],{"date":173,"score":174,"percentile":175},"2025-11-04",0.00085,0.25307,{"date":177,"score":174,"percentile":178},"2025-11-05",0.25288,{"date":180,"score":174,"percentile":181},"2025-11-06",0.25295,{"date":183,"score":174,"percentile":184},"2025-11-07",0.25293,{"date":186,"score":174,"percentile":181},"2025-11-08",{"date":188,"score":174,"percentile":189},"2025-11-09",0.25254,{"date":191,"score":174,"percentile":192},"2025-11-10",0.25217,{"date":194,"score":174,"percentile":195},"2025-11-11",0.25221,{"date":197,"score":174,"percentile":198},"2025-11-12",0.25246,{"date":200,"score":174,"percentile":198},"2025-11-13",{"date":202,"score":174,"percentile":203},"2025-11-14",0.25241,{"date":205,"score":174,"percentile":206},"2025-11-15",0.25231,{"date":208,"score":174,"percentile":209},"2025-11-16",0.25183,{"date":211,"score":174,"percentile":212},"2025-11-17",0.2514,{"date":214,"score":215,"percentile":216},"2025-11-18",0.0096,0.74
527,{"date":218,"score":215,"percentile":219},"2025-11-19",0.74535,{"date":221,"score":215,"percentile":222},"2025-11-20",0.74543,{"date":224,"score":174,"percentile":225},"2025-11-21",0.25061,{"date":227,"score":174,"percentile":228},"2025-11-22",0.25057,{"date":230,"score":174,"percentile":231},"2025-11-23",0.25006,{"date":233,"score":174,"percentile":234},"2025-11-24",0.24979,{"date":236,"score":174,"percentile":237},"2025-11-25",0.24964,{"date":239,"score":174,"percentile":240},"2025-11-26",0.24952,{"date":242,"score":174,"percentile":243},"2025-11-27",0.2495,{"date":245,"score":174,"percentile":246},"2025-11-28",0.24924,{"date":248,"score":174,"percentile":249},"2025-11-29",0.24915,{"date":251,"score":174,"percentile":252},"2025-11-30",0.24889,{"date":254,"score":174,"percentile":255},"2025-12-01",0.24929,{"date":257,"score":174,"percentile":258},"2025-12-02",0.24954,{"date":260,"score":174,"percentile":237},"2025-12-03",{"date":262,"score":174,"percentile":263},"2025-12-04",0.24894,{"date":265,"score":174,"percentile":266},"2025-12-05",0.24947,{"date":268,"score":174,"percentile":266},"2025-12-06",{"date":270,"score":174,"percentile":271},"2025-12-07",0.24914,{"date":273,"score":174,"percentile":274},"2025-12-08",0.24921,{"date":276,"score":174,"percentile":277},"2025-12-09",0.24975,{"date":279,"score":174,"percentile":280},"2025-12-10",0.25042,{"date":282,"score":174,"percentile":283},"2025-12-11",0.25055,{"date":285,"score":174,"percentile":286},"2025-12-12",0.2507,{"date":288,"score":174,"percentile":289},"2025-12-13",0.25071,{"date":291,"score":174,"percentile":292},"2025-12-14",0.25046,{"date":294,"score":174,"percentile":295},"2025-12-15",0.25018,{"date":297,"score":174,"percentile":298},"2025-12-16",0.25036,{"date":300,"score":174,"percentile":301},"2025-12-17",0.25112,{"date":303,"score":174,"percentile":304},"2025-12-18",0.25171,{"date":306,"score":174,"percentile":307},"2025-12-19",0.25187,{"date":309,"score":174,"percentile":310},"2025-12-20",0.2515
6,{"date":312,"score":174,"percentile":313},"2025-12-21",0.25106,{"date":315,"score":174,"percentile":225},"2025-12-22",{"date":317,"score":174,"percentile":298},"2025-12-23",{"date":319,"score":174,"percentile":320},"2025-12-24",0.25045,{"date":322,"score":174,"percentile":323},"2025-12-25",0.25122,{"date":325,"score":174,"percentile":326},"2025-12-26",0.25109,{"date":328,"score":174,"percentile":313},"2025-12-27",{"date":330,"score":174,"percentile":331},"2025-12-28",0.24977,{"date":333,"score":174,"percentile":334},"2025-12-29",0.24945,{"date":336,"score":174,"percentile":337},"2025-12-30",0.2494,{"date":339,"score":174,"percentile":340},"2025-12-31",0.25002,{"date":342,"score":174,"percentile":343},"2026-01-01",0.25102,{"date":345,"score":174,"percentile":346},"2026-01-02",0.25094,{"date":348,"score":174,"percentile":349},"2026-01-03",0.25077,{"date":351,"score":174,"percentile":234},"2026-01-04",{"date":353,"score":174,"percentile":354},"2026-01-05",0.24959,{"date":356,"score":174,"percentile":357},"2026-01-06",0.24966,{"date":359,"score":174,"percentile":360},"2026-01-07",0.24995,{"date":362,"score":174,"percentile":363},"2026-01-08",0.2504,{"date":365,"score":174,"percentile":366},"2026-01-09",0.25017,{"date":368,"score":174,"percentile":369},"2026-01-10",0.24988,{"date":371,"score":174,"percentile":372},"2026-01-11",0.24965,{"date":374,"score":174,"percentile":375},"2026-01-12",0.24927,{"date":377,"score":174,"percentile":378},"2026-01-13",0.24903,{"date":380,"score":174,"percentile":381},"2026-01-14",0.2496,{"date":383,"score":174,"percentile":243},"2026-01-15",{"date":385,"score":174,"percentile":386},"2026-01-16",0.24982,{"date":388,"score":174,"percentile":389},"2026-01-17",0.24987,{"date":391,"score":174,"percentile":392},"2026-01-18",0.24963,{"date":394,"score":174,"percentile":395},"2026-01-19",0.24917,{"date":397,"score":174,"percentile":398},"2026-01-20",0.249,{"date":400,"score":174,"percentile":401},"2026-01-21",0.24856,{"date":403,"score":174,"pe
rcentile":404},"2026-01-22",0.24843,{"date":406,"score":174,"percentile":407},"2026-01-23",0.24926,{"date":409,"score":174,"percentile":410},"2026-01-24",0.24932,{"date":412,"score":174,"percentile":413},"2026-01-25",0.24847,{"date":415,"score":174,"percentile":416},"2026-01-26",0.24754,{"date":418,"score":174,"percentile":419},"2026-01-27",0.24741,{"date":421,"score":174,"percentile":422},"2026-01-28",0.24738,{"date":424,"score":174,"percentile":425},"2026-01-29",0.24702,{"date":427,"score":174,"percentile":428},"2026-01-30",0.24687,{"date":430,"score":174,"percentile":431},"2026-01-31",0.2468,{"date":433,"score":174,"percentile":434},"2026-02-01",0.2473,[436],{"source":129,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":437,"cvss_v4_0":9},{"baseScore":127,"baseSeverity":438,"vectorString":130,"impactScore":439,"exploitabilityScore":440},"MEDIUM",4.5,7.2,[442,457,467],{"ecosystem":9,"name":443,"vendor":444,"product":443,"cpe_part":445,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":446},"html/template","go standard library","a",[447,452],{"version":448,"is_range":449,"range_type":135,"version_start":9,"version_start_type":9,"version_end":450,"version_end_type":451,"fixed_in":9},"\u003C 1.20.8",true,"1.20.8","excluding",{"version":453,"is_range":449,"range_type":135,"version_start":454,"version_start_type":455,"version_end":456,"version_end_type":451,"fixed_in":9},">= 1.21.0-0, \u003C 
1.21.1","1.21.0-0","including","1.21.1",{"ecosystem":9,"name":458,"vendor":459,"product":458,"cpe_part":445,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"go","golang",[461,464],{"version":462,"is_range":449,"range_type":463,"version_start":9,"version_start_type":9,"version_end":450,"version_end_type":451,"fixed_in":9},"lt1.20.8","cpe",{"version":465,"is_range":449,"range_type":463,"version_start":466,"version_start_type":455,"version_end":456,"version_end_type":451,"fixed_in":9},"gte1.21.0_lt1.21.1","1.21.0",{"ecosystem":468,"name":469,"vendor":468,"product":469,"cpe_part":9,"purl_type":459,"purl_namespace":9,"purl_name":469,"source":9,"versions":470},"Go","stdlib",[471],{"version":472,"is_range":449,"range_type":473,"version_start":454,"version_start_type":455,"version_end":456,"version_end_type":451,"fixed_in":9},"gte1_21_0_0_lt1_21_1","semver"]