[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-9287":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":58,"aliases":59,"duplicate_of":9,"upstream":60,"downstream":61,"duplicates":142,"related":143,"reserved_at":9,"published_at":174,"modified_at":175,"state":176,"summary":177,"references_raw":186,"kevs":239,"epss":240,"epss_history":243,"metrics":519,"affected":532},"CVE-2024-9287","A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie \"./venv/bin/python\") are not affected.",null,[11,19],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-428","Unquoted Search Path or Element","The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.","weakness","Draft","Base",[],{"_key":20,"id":20,"name":21,"description":22,"type":15,"status":16,"abstraction":23,"likelihood_of_exploit":24,"capec":25},"CWE-77","Improper Neutralization of Special Elements used in a Command ('Command Injection')","The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.","Class","High",[26,30,34,38,42,46,50,54],{"id":27,"name":28,"techniques":29},"CAPEC-136","LDAP Injection",[],{"id":31,"name":32,"techniques":33},"CAPEC-15","Command Delimiters",[],{"id":35,"name":36,"techniques":37},"CAPEC-183","IMAP/SMTP Command Injection",[],{"id":39,"name":40,"techniques":41},"CAPEC-248","Command Injection",[],{"id":43,"name":44,"techniques":45},"CAPEC-40","Manipulating Writeable Terminal Devices",[],{"id":47,"name":48,"techniques":49},"CAPEC-43","Exploiting Multiple Input Interpretation Layers",[],{"id":51,"name":52,"techniques":53},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":55,"name":56,"techniques":57},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[],[],[62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140],{"_key":63},"ALPINE-CVE-2024-9287",{"_key":65},"SUSE-SU-2024:3958-1",{"_key":67},"SUSE-SU-2024:3760-1",{"_key":69},"SUSE-SU-2024:3929-1",{"_key":71},"SUSE-SU-2024:3944-1",{"_key":73},"SUSE-SU-2025:02074-1",{"_key":75},"SUSE-SU-2024:3879-1",{"_key":77},"SUSE-SU-2024:3924-1",{"_key":79},"SUSE-SU-2024:3945-1",{"_key":81},"SUSE-SU-2024:3957-1",{"_key":83},"SUSE-SU-2024:3959-1",{"_key":85},"SUSE-SU-2025:0047-1",{"_key":87},"SUSE-SU-2025:0048-1",{"_key":89},"SUSE-SU-2025:0049-1",{"_key":91},"OPENSUSE-SU-2024:14426-1",{"_key":93},"OPENSUSE-SU-2024:14427-1",{"_key":95},"OPENSUSE-SU-2024:14428-1",{"_key":97},"OPENSUSE-SU-2024:14430-1",{"_key":99},"OPENSUSE-SU-2024:14455-1",{"_key":101},"OPENSUSE-SU-2024:14456-1",{"_key":103},"DLA-3966-1",{"_key":105},"DLA-3980-1",{"_key":107},"RHSA-2024:10779",{"_key":109},"RHSA-2024:10979",{"_key":111},"RHSA-2024:10983",{"_key":113},"RHSA-2024:11024",{"_key":115},"RHSA-2024:11111",{"_key":117},"RHSA-2025:0280",{"_key":119},"RHSA-2024:10978",{"_key":121},"RHSA-2024:10980",{"_key":123},"RHSA-2024:11035",{"_key":125},"SUSE-SU-2025:20154-1",{"_key":127},"SUSE-SU-2025:20374-1",{"_key":129},"MGASA-2025-0280",{"_key":131},"UBUNTU-CVE-2024-9287",{"_key":133},"USN-7116-1",{"_key":135},"DEBIAN-CVE-2024-9287",{"_key":137},"USN-7348-1",{"_key":139},"USN-7488-1",{"_key":141},"RHSA-2025:23530",[],[144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,168,170,172],{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},{"_key":97},{"_key":99},{"_key":101},{"_key":125},{"_key":127},{"_key":129},{"_key":167},"CGA-37J6-2H92-VMG9",{"_key":169},"CGA-436M-HQQQ-2CJW",{"_key":171},"CGA-GM4J-MR3Q-2PF6",{"_key":173},"CGA-87WC-M3C5-V3PM","2024-10-22T16:34:39.210Z","2025-11-03T22:33:21.116Z","Modified",{"cisa_kev":178,"cisa_ransomware":178,"cisa_vendor":9,"epss_severity":179,"epss_score":180,"severity":181,"severity_score":182,"severity_version":183,"severity_source":184,"severity_vector":185,"severity_status":176},false,"low",0.00061,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[187,193,198,203,207,211,215,219,223,227,231,235],{"url":188,"sources":189,"tags":191},"https://github.com/python/cpython/issues/124651",[190,184],"cve.org",[192],"Issue Tracking",{"url":194,"sources":195,"tags":196},"https://github.com/python/cpython/pull/124712",[190,184],[197,192],"Patch",{"url":199,"sources":200,"tags":201},"https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/",[190,184],[202],"Vendor Advisory",{"url":204,"sources":205,"tags":206},"https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483",[190,184],[197],{"url":208,"sources":209,"tags":210},"https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7",[190,184],[197],{"url":212,"sources":213,"tags":214},"https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db",[190,184],[197],{"url":216,"sources":217,"tags":218},"https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8",[190,184],[197],{"url":220,"sources":221,"tags":222},"https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97",[190,184],[197],{"url":224,"sources":225,"tags":226},"https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b",[190,184],[197],{"url":228,"sources":229,"tags":230},"https://security.netapp.com/advisory/ntap-20250425-0006/",[190,184],[],{"url":232,"sources":233,"tags":234},"https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html",[190,184],[],{"url":236,"sources":237,"tags":238},"https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html",[190,184],[],[],{"date":241,"score":180,"percentile":242},"2026-06-04",0.1914,[244,248,251,254,257,260,263,266,269,272,275,278,281,284,287,291,294,297,301,304,307,310,313,316,319,322,325,329,332,335,338,341,344,347,350,353,356,359,362,366,369,372,375,378,381,385,388,390,393,396,399,401,404,407,411,414,417,420,423,426,429,432,435,438,441,444,446,449,452,455,458,460,463,466,469,472,476,479,482,485,488,492,495,498,501,504,507,510,513,516],{"date":245,"score":246,"percentile":247},"2025-11-04",0.00049,0.15094,{"date":249,"score":246,"percentile":250},"2025-11-05",0.15126,{"date":252,"score":246,"percentile":253},"2025-11-06",0.15221,{"date":255,"score":246,"percentile":256},"2025-11-07",0.15244,{"date":258,"score":246,"percentile":259},"2025-11-08",0.15254,{"date":261,"score":246,"percentile":262},"2025-11-09",0.1523,{"date":264,"score":246,"percentile":265},"2025-11-10",0.15189,{"date":267,"score":246,"percentile":268},"2025-11-11",0.15211,{"date":270,"score":246,"percentile":271},"2025-11-12",0.15255,{"date":273,"score":246,"percentile":274},"2025-11-13",0.1528,{"date":276,"score":246,"percentile":277},"2025-11-14",0.15281,{"date":279,"score":246,"percentile":280},"2025-11-15",0.1524,{"date":282,"score":246,"percentile":283},"2025-11-16",0.15222,{"date":285,"score":246,"percentile":286},"2025-11-17",0.15182,{"date":288,"score":289,"percentile":290},"2025-11-18",0.00093,0.22509,{"date":292,"score":289,"percentile":293},"2025-11-19",0.22521,{"date":295,"score":289,"percentile":296},"2025-11-20",0.22529,{"date":298,"score":299,"percentile":300},"2025-11-21",0.00051,0.15931,{"date":302,"score":299,"percentile":303},"2025-11-22",0.15934,{"date":305,"score":299,"percentile":306},"2025-11-23",0.1591,{"date":308,"score":246,"percentile":309},"2025-11-24",0.15173,{"date":311,"score":246,"percentile":312},"2025-11-25",0.15167,{"date":314,"score":246,"percentile":315},"2025-11-26",0.15156,{"date":317,"score":246,"percentile":318},"2025-11-27",0.15165,{"date":320,"score":246,"percentile":321},"2025-11-28",0.15145,{"date":323,"score":246,"percentile":324},"2025-11-29",0.15124,{"date":326,"score":327,"percentile":328},"2025-11-30",0.00019,0.03933,{"date":330,"score":327,"percentile":331},"2025-12-01",0.04036,{"date":333,"score":327,"percentile":334},"2025-12-02",0.0405,{"date":336,"score":327,"percentile":337},"2025-12-03",0.04063,{"date":339,"score":327,"percentile":340},"2025-12-04",0.03997,{"date":342,"score":327,"percentile":343},"2025-12-05",0.0406,{"date":345,"score":327,"percentile":346},"2025-12-06",0.04074,{"date":348,"score":327,"percentile":349},"2025-12-07",0.04079,{"date":351,"score":327,"percentile":352},"2025-12-08",0.04089,{"date":354,"score":327,"percentile":355},"2025-12-09",0.0414,{"date":357,"score":327,"percentile":358},"2025-12-10",0.04182,{"date":360,"score":327,"percentile":361},"2025-12-11",0.0418,{"date":363,"score":364,"percentile":365},"2025-12-12",0.00018,0.04021,{"date":367,"score":364,"percentile":368},"2025-12-13",0.04035,{"date":370,"score":364,"percentile":371},"2025-12-14",0.04023,{"date":373,"score":364,"percentile":374},"2025-12-15",0.03981,{"date":376,"score":364,"percentile":377},"2025-12-16",0.03998,{"date":379,"score":364,"percentile":380},"2025-12-17",0.0404,{"date":382,"score":383,"percentile":384},"2025-12-18",0.00022,0.05229,{"date":386,"score":383,"percentile":387},"2025-12-19",0.05207,{"date":389,"score":383,"percentile":387},"2025-12-20",{"date":391,"score":327,"percentile":392},"2025-12-21",0.04263,{"date":394,"score":327,"percentile":395},"2025-12-22",0.04211,{"date":397,"score":327,"percentile":398},"2025-12-23",0.04219,{"date":400,"score":364,"percentile":337},"2025-12-24",{"date":402,"score":364,"percentile":403},"2025-12-25",0.04103,{"date":405,"score":327,"percentile":406},"2025-12-26",0.04283,{"date":408,"score":409,"percentile":410},"2025-12-27",0.00021,0.04845,{"date":412,"score":327,"percentile":413},"2025-12-28",0.04284,{"date":415,"score":327,"percentile":416},"2025-12-29",0.04278,{"date":418,"score":327,"percentile":419},"2025-12-30",0.04213,{"date":421,"score":327,"percentile":422},"2025-12-31",0.04235,{"date":424,"score":327,"percentile":425},"2026-01-01",0.04324,{"date":427,"score":327,"percentile":428},"2026-01-02",0.04326,{"date":430,"score":327,"percentile":431},"2026-01-03",0.04311,{"date":433,"score":327,"percentile":434},"2026-01-04",0.04197,{"date":436,"score":327,"percentile":437},"2026-01-05",0.04155,{"date":439,"score":327,"percentile":440},"2026-01-06",0.04153,{"date":442,"score":327,"percentile":443},"2026-01-07",0.04174,{"date":445,"score":364,"percentile":380},"2026-01-08",{"date":447,"score":364,"percentile":448},"2026-01-09",0.04041,{"date":450,"score":364,"percentile":451},"2026-01-10",0.04051,{"date":453,"score":364,"percentile":454},"2026-01-11",0.04031,{"date":456,"score":364,"percentile":457},"2026-01-12",0.04029,{"date":459,"score":364,"percentile":371},"2026-01-13",{"date":461,"score":364,"percentile":462},"2026-01-14",0.04059,{"date":464,"score":364,"percentile":465},"2026-01-15",0.03984,{"date":467,"score":364,"percentile":468},"2026-01-16",0.03956,{"date":470,"score":364,"percentile":471},"2026-01-17",0.03957,{"date":473,"score":474,"percentile":475},"2026-01-18",0.00062,0.19705,{"date":477,"score":474,"percentile":478},"2026-01-19",0.19657,{"date":480,"score":474,"percentile":481},"2026-01-20",0.19639,{"date":483,"score":474,"percentile":484},"2026-01-21",0.19605,{"date":486,"score":474,"percentile":487},"2026-01-22",0.19549,{"date":489,"score":490,"percentile":491},"2026-01-23",0.00064,0.20212,{"date":493,"score":490,"percentile":494},"2026-01-24",0.20236,{"date":496,"score":490,"percentile":497},"2026-01-25",0.20161,{"date":499,"score":490,"percentile":500},"2026-01-26",0.20056,{"date":502,"score":490,"percentile":503},"2026-01-27",0.20047,{"date":505,"score":490,"percentile":506},"2026-01-28",0.20048,{"date":508,"score":490,"percentile":509},"2026-01-29",0.20009,{"date":511,"score":490,"percentile":512},"2026-01-30",0.20013,{"date":514,"score":490,"percentile":515},"2026-01-31",0.2002,{"date":517,"score":490,"percentile":518},"2026-02-01",0.20041,[520,525],{"source":190,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":521},{"baseScore":522,"baseSeverity":523,"vectorString":524,"impactScore":9,"exploitabilityScore":9},5.3,"MEDIUM","CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green",{"source":184,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":526,"cvss_v4_0":530},{"baseScore":182,"baseSeverity":527,"vectorString":185,"impactScore":528,"exploitabilityScore":529},"HIGH",9.8,4.6,{"baseScore":522,"baseSeverity":523,"vectorString":531,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green",[533,565],{"ecosystem":9,"name":534,"vendor":535,"product":536,"cpe_part":537,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":538},"CPython","python software foundation","cpython","a",[539,544,549,553,557,561],{"version":540,"is_range":541,"range_type":190,"version_start":9,"version_start_type":9,"version_end":542,"version_end_type":543,"fixed_in":9},"\u003C 3.9.21",true,"3.9.21","excluding",{"version":545,"is_range":541,"range_type":190,"version_start":546,"version_start_type":547,"version_end":548,"version_end_type":543,"fixed_in":9},">= 3.10.0, \u003C 3.10.16","3.10.0","including","3.10.16",{"version":550,"is_range":541,"range_type":190,"version_start":551,"version_start_type":547,"version_end":552,"version_end_type":543,"fixed_in":9},">= 3.11.0, \u003C 3.11.11","3.11.0","3.11.11",{"version":554,"is_range":541,"range_type":190,"version_start":555,"version_start_type":547,"version_end":556,"version_end_type":543,"fixed_in":9},">= 3.12.0, \u003C 3.12.8","3.12.0","3.12.8",{"version":558,"is_range":541,"range_type":190,"version_start":559,"version_start_type":547,"version_end":560,"version_end_type":543,"fixed_in":9},">= 3.13.0, \u003C 3.13.1","3.13.0","3.13.1",{"version":562,"is_range":541,"range_type":190,"version_start":563,"version_start_type":547,"version_end":564,"version_end_type":543,"fixed_in":9},">= 3.14.0a1, \u003C 3.14.0a2","3.14.0a1","3.14.0a2",{"ecosystem":9,"name":566,"vendor":566,"product":566,"cpe_part":537,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":567},"python",[568,571,573,575,577,579],{"version":569,"is_range":541,"range_type":570,"version_start":9,"version_start_type":9,"version_end":542,"version_end_type":543,"fixed_in":9},"lt3.9.21","cpe",{"version":572,"is_range":541,"range_type":570,"version_start":546,"version_start_type":547,"version_end":548,"version_end_type":543,"fixed_in":9},"gte3.10.0_lt3.10.16",{"version":574,"is_range":541,"range_type":570,"version_start":551,"version_start_type":547,"version_end":552,"version_end_type":543,"fixed_in":9},"gte3.11.0_lt3.11.11",{"version":576,"is_range":541,"range_type":570,"version_start":555,"version_start_type":547,"version_end":556,"version_end_type":543,"fixed_in":9},"gte3.12.0_lt3.12.8",{"version":578,"is_range":541,"range_type":570,"version_start":559,"version_start_type":547,"version_end":560,"version_end_type":543,"fixed_in":9},"gte3.13.0_lt3.13.1",{"version":580,"is_range":178,"range_type":570,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.14.0:alpha1"]