[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-13947":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-07T15:11:42.125Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":83,"aliases":84,"duplicate_of":9,"upstream":85,"downstream":86,"duplicates":127,"related":128,"reserved_at":9,"published_at":136,"modified_at":137,"state":138,"summary":139,"references_raw":148,"kevs":206,"epss":207,"epss_history":210,"metrics":486,"affected":494},"CVE-2025-13947","A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-346","Origin Validation Error","The product does not properly verify that the source of data or communication is valid.","weakness","Draft","Class",[19,23,27,31,35,39,43,47,51,55,59,63,67,71,75,79],{"id":20,"name":21,"techniques":22},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":24,"name":25,"techniques":26},"CAPEC-141","Cache Poisoning",[],{"id":28,"name":29,"techniques":30},"CAPEC-142","DNS Cache Poisoning",[],{"id":32,"name":33,"techniques":34},"CAPEC-160","Exploit Script-Based APIs",[],{"id":36,"name":37,"techniques":38},"CAPEC-21","Exploitation of Trusted Identifiers",[],{"id":40,"name":41,"techniques":42},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":44,"name":45,"techniques":46},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":48,"name":49,"techniques":50},"CAPEC-386","Application API Navigation Remapping",[],{"id":52,"name":53,"techniques":54},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":56,"name":57,"techniques":58},"CAPEC-388","Application API Button Hijacking",[],{"id":60,"name":61,"techniques":62},"CAPEC-510","SaaS User Request Forgery",[],{"id":64,"name":65,"techniques":66},"CAPEC-59","Session Credential Falsification through Prediction",[],{"id":68,"name":69,"techniques":70},"CAPEC-60","Reusing Session IDs (aka Session Replay)",[],{"id":72,"name":73,"techniques":74},"CAPEC-75","Manipulating Writeable Configuration Files",[],{"id":76,"name":77,"techniques":78},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":80,"name":81,"techniques":82},"CAPEC-89","Pharming",[],[],[],[],[87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125],{"_key":88},"DSA-6074-1",{"_key":90},"UBUNTU-CVE-2025-13947",{"_key":92},"USN-7941-1",{"_key":94},"DEBIAN-CVE-2025-13947",{"_key":96},"SUSE-SU-2025:4416-1",{"_key":98},"SUSE-SU-2025:4423-1",{"_key":100},"SUSE-SU-2026:20102-1",{"_key":102},"SUSE-SU-2026:0021-1",{"_key":104},"OPENSUSE-SU-2026:20065-1",{"_key":106},"RHSA-2025:22789",{"_key":108},"RHSA-2025:22790",{"_key":110},"RHSA-2025:23110",{"_key":112},"RHSA-2025:23433",{"_key":114},"RHSA-2025:23434",{"_key":116},"RHSA-2025:23451",{"_key":118},"RHSA-2025:23452",{"_key":120},"RHSA-2025:23583",{"_key":122},"RHSA-2025:23591",{"_key":124},"RHSA-2025:23742",{"_key":126},"RHSA-2025:23743",[],[129,131,132,133,134,135],{"_key":130},"MGASA-2025-0325",{"_key":96},{"_key":98},{"_key":100},{"_key":102},{"_key":104},"2025-12-03T09:45:59.939Z","2026-01-07T15:17:58.176Z","Awaiting Analysis",{"cisa_kev":140,"cisa_ransomware":140,"cisa_vendor":9,"epss_severity":141,"epss_score":142,"severity":143,"severity_score":144,"severity_version":145,"severity_source":146,"severity_vector":147,"severity_status":138},false,"low",0.00074,"high",7.4,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",[149,156,160,164,168,172,176,180,184,188,192,196,201],{"url":150,"sources":151,"tags":153},"https://access.redhat.com/errata/RHSA-2025:22789",[146,152],"nvd",[154,155],"Vendor Advisory","X Refsource REDHAT",{"url":157,"sources":158,"tags":159},"https://access.redhat.com/errata/RHSA-2025:22790",[146,152],[154,155],{"url":161,"sources":162,"tags":163},"https://access.redhat.com/errata/RHSA-2025:23110",[146,152],[154,155],{"url":165,"sources":166,"tags":167},"https://access.redhat.com/errata/RHSA-2025:23433",[146,152],[154,155],{"url":169,"sources":170,"tags":171},"https://access.redhat.com/errata/RHSA-2025:23434",[146,152],[154,155],{"url":173,"sources":174,"tags":175},"https://access.redhat.com/errata/RHSA-2025:23451",[146,152],[154,155],{"url":177,"sources":178,"tags":179},"https://access.redhat.com/errata/RHSA-2025:23452",[146,152],[154,155],{"url":181,"sources":182,"tags":183},"https://access.redhat.com/errata/RHSA-2025:23583",[146,152],[154,155],{"url":185,"sources":186,"tags":187},"https://access.redhat.com/errata/RHSA-2025:23591",[146,152],[154,155],{"url":189,"sources":190,"tags":191},"https://access.redhat.com/errata/RHSA-2025:23742",[146,152],[154,155],{"url":193,"sources":194,"tags":195},"https://access.redhat.com/errata/RHSA-2025:23743",[146,152],[154,155],{"url":197,"sources":198,"tags":199},"https://access.redhat.com/security/cve/CVE-2025-13947",[146,152],[200,155],"VDB Entry",{"url":202,"sources":203,"tags":204},"https://bugzilla.redhat.com/show_bug.cgi?id=2418576",[146,152],[205,155],"Issue Tracking",[],{"date":208,"score":142,"percentile":209},"2026-04-06",0.22306,[211,215,218,221,224,227,231,235,238,242,245,248,251,254,257,261,265,268,271,274,278,281,284,287,290,293,296,299,302,305,308,311,314,317,320,323,326,329,332,335,338,341,344,347,350,353,356,359,362,365,368,371,374,377,380,383,386,389,392,395,398,400,403,406,409,412,415,418,421,424,427,430,433,436,439,442,445,448,451,454,457,460,463,466,468,471,474,477,480,483],{"date":212,"score":213,"percentile":214},"2025-12-03",0.00039,0.11305,{"date":216,"score":213,"percentile":217},"2025-12-04",0.11288,{"date":219,"score":213,"percentile":220},"2025-12-05",0.11319,{"date":222,"score":213,"percentile":223},"2025-12-06",0.11327,{"date":225,"score":213,"percentile":226},"2025-12-07",0.11317,{"date":228,"score":229,"percentile":230},"2025-12-08",0.00038,0.11103,{"date":232,"score":233,"percentile":234},"2025-12-09",0.00041,0.12371,{"date":236,"score":233,"percentile":237},"2025-12-10",0.12434,{"date":239,"score":240,"percentile":241},"2025-12-11",0.00044,0.13288,{"date":243,"score":240,"percentile":244},"2025-12-12",0.13336,{"date":246,"score":240,"percentile":247},"2025-12-13",0.13361,{"date":249,"score":240,"percentile":250},"2025-12-14",0.13341,{"date":252,"score":240,"percentile":253},"2025-12-15",0.13306,{"date":255,"score":240,"percentile":256},"2025-12-16",0.13314,{"date":258,"score":259,"percentile":260},"2025-12-17",0.00048,0.15124,{"date":262,"score":263,"percentile":264},"2025-12-18",0.0006,0.18911,{"date":266,"score":263,"percentile":267},"2025-12-19",0.1893,{"date":269,"score":263,"percentile":270},"2025-12-20",0.18904,{"date":272,"score":263,"percentile":273},"2025-12-21",0.18858,{"date":275,"score":276,"percentile":277},"2025-12-22",0.00055,0.1739,{"date":279,"score":276,"percentile":280},"2025-12-23",0.17389,{"date":282,"score":276,"percentile":283},"2025-12-24",0.17413,{"date":285,"score":276,"percentile":286},"2025-12-25",0.17496,{"date":288,"score":276,"percentile":289},"2025-12-26",0.17487,{"date":291,"score":276,"percentile":292},"2025-12-27",0.17481,{"date":294,"score":276,"percentile":295},"2025-12-28",0.1744,{"date":297,"score":276,"percentile":298},"2025-12-29",0.1741,{"date":300,"score":276,"percentile":301},"2025-12-30",0.17426,{"date":303,"score":276,"percentile":304},"2025-12-31",0.17501,{"date":306,"score":276,"percentile":307},"2026-01-01",0.17598,{"date":309,"score":276,"percentile":310},"2026-01-02",0.17586,{"date":312,"score":276,"percentile":313},"2026-01-03",0.17569,{"date":315,"score":263,"percentile":316},"2026-01-04",0.1902,{"date":318,"score":263,"percentile":319},"2026-01-05",0.18996,{"date":321,"score":263,"percentile":322},"2026-01-06",0.19013,{"date":324,"score":263,"percentile":325},"2026-01-07",0.19045,{"date":327,"score":259,"percentile":328},"2026-01-08",0.14993,{"date":330,"score":259,"percentile":331},"2026-01-09",0.15002,{"date":333,"score":259,"percentile":334},"2026-01-10",0.15022,{"date":336,"score":259,"percentile":337},"2026-01-11",0.1498,{"date":339,"score":259,"percentile":340},"2026-01-12",0.14946,{"date":342,"score":259,"percentile":343},"2026-01-13",0.14933,{"date":345,"score":259,"percentile":346},"2026-01-14",0.14991,{"date":348,"score":259,"percentile":349},"2026-01-15",0.14987,{"date":351,"score":259,"percentile":352},"2026-01-16",0.15,{"date":354,"score":259,"percentile":355},"2026-01-17",0.15018,{"date":357,"score":259,"percentile":358},"2026-01-18",0.14956,{"date":360,"score":259,"percentile":361},"2026-01-19",0.14883,{"date":363,"score":259,"percentile":364},"2026-01-20",0.14866,{"date":366,"score":259,"percentile":367},"2026-01-21",0.14856,{"date":369,"score":259,"percentile":370},"2026-01-22",0.14775,{"date":372,"score":259,"percentile":373},"2026-01-23",0.14852,{"date":375,"score":259,"percentile":376},"2026-01-24",0.14881,{"date":378,"score":259,"percentile":379},"2026-01-25",0.1482,{"date":381,"score":259,"percentile":382},"2026-01-26",0.14729,{"date":384,"score":259,"percentile":385},"2026-01-27",0.14725,{"date":387,"score":259,"percentile":388},"2026-01-28",0.14737,{"date":390,"score":259,"percentile":391},"2026-01-29",0.14711,{"date":393,"score":259,"percentile":394},"2026-01-30",0.14708,{"date":396,"score":259,"percentile":397},"2026-01-31",0.14732,{"date":399,"score":259,"percentile":391},"2026-02-01",{"date":401,"score":259,"percentile":402},"2026-02-02",0.14659,{"date":404,"score":259,"percentile":405},"2026-02-03",0.14632,{"date":407,"score":259,"percentile":408},"2026-02-04",0.14625,{"date":410,"score":259,"percentile":411},"2026-02-05",0.14666,{"date":413,"score":259,"percentile":414},"2026-02-06",0.14686,{"date":416,"score":259,"percentile":417},"2026-02-07",0.14706,{"date":419,"score":259,"percentile":420},"2026-02-08",0.14682,{"date":422,"score":276,"percentile":423},"2026-02-09",0.17207,{"date":425,"score":276,"percentile":426},"2026-02-10",0.17124,{"date":428,"score":276,"percentile":429},"2026-02-11",0.17128,{"date":431,"score":276,"percentile":432},"2026-02-12",0.17153,{"date":434,"score":276,"percentile":435},"2026-02-13",0.17146,{"date":437,"score":276,"percentile":438},"2026-02-14",0.17125,{"date":440,"score":276,"percentile":441},"2026-02-15",0.17104,{"date":443,"score":276,"percentile":444},"2026-02-16",0.17063,{"date":446,"score":276,"percentile":447},"2026-02-17",0.17044,{"date":449,"score":276,"percentile":450},"2026-02-18",0.1722,{"date":452,"score":276,"percentile":453},"2026-02-19",0.17279,{"date":455,"score":276,"percentile":456},"2026-02-20",0.17281,{"date":458,"score":276,"percentile":459},"2026-02-21",0.17304,{"date":461,"score":276,"percentile":462},"2026-02-22",0.17309,{"date":464,"score":276,"percentile":465},"2026-02-23",0.17275,{"date":467,"score":276,"percentile":450},"2026-02-24",{"date":469,"score":276,"percentile":470},"2026-02-25",0.17183,{"date":472,"score":276,"percentile":473},"2026-02-26",0.17164,{"date":475,"score":276,"percentile":476},"2026-02-27",0.17177,{"date":478,"score":276,"percentile":479},"2026-02-28",0.1717,{"date":481,"score":276,"percentile":482},"2026-03-01",0.17175,{"date":484,"score":276,"percentile":485},"2026-03-02",0.17118,[487,492],{"source":146,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":488,"cvss_v4_0":9},{"baseScore":144,"baseSeverity":489,"vectorString":147,"impactScore":490,"exploitabilityScore":491},"HIGH",6.7,7.2,{"source":152,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":493,"cvss_v4_0":9},{"baseScore":144,"baseSeverity":489,"vectorString":147,"impactScore":490,"exploitabilityScore":491},[495],{"ecosystem":9,"name":496,"vendor":497,"product":496,"cpe_part":498,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":499},"webkitgtk","the webkitgtk team","a",[500],{"version":501,"is_range":502,"range_type":146,"version_start":9,"version_start_type":9,"version_end":503,"version_end_type":504,"fixed_in":9},"\u003C 2.50.3",true,"2.50.3","excluding"]