[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-21614":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":86,"aliases":87,"duplicate_of":9,"upstream":90,"downstream":91,"duplicates":116,"related":117,"reserved_at":9,"published_at":255,"modified_at":256,"state":257,"summary":258,"references_raw":267,"kevs":287,"epss":288,"epss_history":291,"metrics":556,"affected":566},"CVE-2025-21614","go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[88,89],"GHSA-r9px-m959-cxf4","GO-2025-3367",[],[92,94,96,98,100,102,104,106,108,110,112,114],{"_key":93},"SUSE-SU-2025:0060-1",{"_key":95},"OPENSUSE-SU-2025:0056-1",{"_key":97},"OPENSUSE-SU-2025:14624-1",{"_key":99},"OPENSUSE-SU-2025:14634-1",{"_key":101},"UBUNTU-CVE-2025-21614",{"_key":103},"OPENSUSE-SU-2025:15487-1",{"_key":105},"OPENSUSE-SU-2025:20117-1",{"_key":107},"OPENSUSE-SU-2025:20177-1",{"_key":109},"USN-8088-1",{"_key":111},"DEBIAN-CVE-2025-21614",{"_key":113},"RHSA-2025:0401",{"_key":115},"RHSA-2025:0662",[],[118,119,120,121,122,123,124,125,126,127,129,131,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,165,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253],{"_key":113},{"_key":115},{"_key":93},{"_key":95},{"_key":97},{"_key":99},{"_key":103},{"_key":105},{"_key":107},{"_key":128},"CGA-25C9-3JR6-JXXG",{"_key":130},"CGA-3H2W-CRFM-C9GV",{"_key":132},"CGA-3HCF-82M4-JV8G",{"_key":134},"CGA-3QVF-P8PM-RCCQ",{"_key":136},"CGA-42GF-352F-H47V",{"_key":138},"CGA-46XM-6G2F-4CMX",{"_key":140},"CGA-4MFQ-QWQ3-CRJJ",{"_key":142},"CGA-4PC6-RW7J-V45X",{"_key":144},"CGA-4VXC-2QW8-5V4Q",{"_key":146},"CGA-522W-5H2G-RQ48",{"_key":148},"CGA-533M-33R2-X84M",{"_key":150},"CGA-5J4G-3886-7V27",{"_key":152},"CGA-5M79-5W86-96QW",{"_key":154},"CGA-5MF4-9QX3-Q7G3",{"_key":156},"CGA-659P-XCF5-V3F3",{"_key":158},"CGA-6W85-7VGH-XJ58",{"_key":160},"CGA-72PF-VRM4-5RXH",{"_key":162},"CGA-7F4H-7PH7-8W8M",{"_key":164},"CGA-82C3-RR5R-47CR",{"_key":166},"CGA-8FCR-29P8-R7XG",{"_key":168},"CGA-8W56-F4X5-3C94",{"_key":170},"CGA-9736-4825-G56M",{"_key":172},"CGA-9Q56-86G9-6PPW",{"_key":174},"CGA-9QXG-J6R4-2RC7",{"_key":176},"CGA-C53M-WJ6M-G89Q",{"_key":178},"CGA-FQJP-GQGV-CHRP",{"_key":180},"CGA-FWCG-H4X9-8XR4",{"_key":182},"CGA-FXXC-W9CP-GG3W",{"_key":184},"CGA-G3JJ-GXHM-G5JJ",{"_key":186},"CGA-GC77-5PHF-VXM8",{"_key":188},"CGA-GVFG-PQ6F-2FWQ",{"_key":190},"CGA-H665-8MM8-2HQ6",{"_key":192},"CGA-HMHH-PCV9-5925",{"_key":194},"CGA-JFJJ-C8F2-8JWG",{"_key":196},"CGA-JJ5H-HMWF-MMMR",{"_key":198},"CGA-M53M-7MR9-M2WP",{"_key":200},"CGA-MMRM-QFR7-G2W5",{"_key":202},"CGA-MQ8R-C5GF-JVXW",{"_key":204},"CGA-MQPQ-QRJ4-2HJ9",{"_key":206},"CGA-MR43-VW9H-C5JX",{"_key":208},"CGA-P74P-5F53-P34C",{"_key":210},"CGA-P88V-HQXJ-6WR9",{"_key":212},"CGA-PC74-H874-VF2J",{"_key":214},"CGA-PCC5-V84X-9CVX",{"_key":216},"CGA-PJF8-PHCP-8C4R",{"_key":218},"CGA-QFXP-35RX-VP74",{"_key":220},"CGA-QMPC-49QF-33H6",{"_key":222},"CGA-R49J-XM48-4F37",{"_key":224},"CGA-R4P7-5659-WJ66",{"_key":226},"CGA-RCXW-HFWP-Q4CX",{"_key":228},"CGA-RJJG-XXQ6-9M54",{"_key":230},"CGA-RQRP-5G3V-MV2P",{"_key":232},"CGA-V8X4-7HQ3-9JP4",{"_key":234},"CGA-VCFC-JVVW-JJHM",{"_key":236},"CGA-VP8V-C6R9-6VXR",{"_key":238},"CGA-VPQW-7VR4-49WR",{"_key":240},"CGA-VRWF-VM3X-FRP4",{"_key":242},"CGA-VVMC-7MGM-GCVC",{"_key":244},"CGA-W7R5-X3RP-F7G3",{"_key":246},"CGA-W7W5-364F-67P2",{"_key":248},"CGA-WCCQ-9G8J-W469",{"_key":250},"CGA-WV9C-Q6J7-75MV",{"_key":252},"CGA-X982-X58X-37XQ",{"_key":254},"CGA-RXRQ-JMMH-WCHR","2025-01-06T16:20:16.140Z","2025-08-26T19:48:04.692Z","Analyzed",{"cisa_kev":259,"cisa_ransomware":259,"cisa_vendor":9,"epss_severity":260,"epss_score":261,"severity":262,"severity_score":263,"severity_version":264,"severity_source":265,"severity_vector":266,"severity_status":257},false,"low",0.00228,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[268,278,282],{"url":269,"sources":270,"tags":273},"https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4",[265,271,272],"nvd","osv_go",[274,275,276,277],"X Refsource CONFIRM","Vendor Advisory","WEB","Advisory",{"url":279,"sources":280,"tags":281},"https://nvd.nist.gov/vuln/detail/CVE-2025-21614",[272],[277],{"url":283,"sources":284,"tags":285},"https://github.com/go-git/go-git",[272],[286],"PACKAGE",[],{"date":289,"score":261,"percentile":290},"2026-06-05",0.45735,[292,296,299,302,304,307,310,313,316,319,321,324,327,330,333,337,340,343,346,348,351,354,357,360,363,366,369,372,375,378,381,384,387,389,392,395,397,400,403,406,409,412,415,418,421,424,427,430,433,436,439,442,445,448,451,454,457,460,463,466,468,471,474,477,480,483,486,489,492,495,498,500,503,506,509,512,515,518,521,524,527,530,533,536,539,542,545,548,551,553],{"date":293,"score":294,"percentile":295},"2025-11-04",0.00095,0.27118,{"date":297,"score":294,"percentile":298},"2025-11-05",0.27106,{"date":300,"score":294,"percentile":301},"2025-11-06",0.27117,{"date":303,"score":294,"percentile":301},"2025-11-07",{"date":305,"score":294,"percentile":306},"2025-11-08",0.27111,{"date":308,"score":294,"percentile":309},"2025-11-09",0.27068,{"date":311,"score":294,"percentile":312},"2025-11-10",0.27034,{"date":314,"score":294,"percentile":315},"2025-11-11",0.27059,{"date":317,"score":294,"percentile":318},"2025-11-12",0.27104,{"date":320,"score":294,"percentile":306},"2025-11-13",{"date":322,"score":294,"percentile":323},"2025-11-14",0.27097,{"date":325,"score":294,"percentile":326},"2025-11-15",0.27085,{"date":328,"score":294,"percentile":329},"2025-11-16",0.27041,{"date":331,"score":294,"percentile":332},"2025-11-17",0.27009,{"date":334,"score":335,"percentile":336},"2025-11-18",0.00418,0.59067,{"date":338,"score":335,"percentile":339},"2025-11-19",0.5908,{"date":341,"score":335,"percentile":342},"2025-11-20",0.5907,{"date":344,"score":294,"percentile":345},"2025-11-21",0.27014,{"date":347,"score":294,"percentile":345},"2025-11-22",{"date":349,"score":294,"percentile":350},"2025-11-23",0.26972,{"date":352,"score":294,"percentile":353},"2025-11-24",0.26941,{"date":355,"score":294,"percentile":356},"2025-11-25",0.26932,{"date":358,"score":294,"percentile":359},"2025-11-26",0.26922,{"date":361,"score":294,"percentile":362},"2025-11-27",0.26931,{"date":364,"score":294,"percentile":365},"2025-11-28",0.269,{"date":367,"score":294,"percentile":368},"2025-11-29",0.26884,{"date":370,"score":294,"percentile":371},"2025-11-30",0.26859,{"date":373,"score":294,"percentile":374},"2025-12-01",0.26914,{"date":376,"score":294,"percentile":377},"2025-12-02",0.26935,{"date":379,"score":294,"percentile":380},"2025-12-03",0.2694,{"date":382,"score":294,"percentile":383},"2025-12-04",0.26873,{"date":385,"score":294,"percentile":386},"2025-12-05",0.26911,{"date":388,"score":294,"percentile":386},"2025-12-06",{"date":390,"score":294,"percentile":391},"2025-12-07",0.26879,{"date":393,"score":294,"percentile":394},"2025-12-08",0.26883,{"date":396,"score":294,"percentile":380},"2025-12-09",{"date":398,"score":294,"percentile":399},"2025-12-10",0.27016,{"date":401,"score":294,"percentile":402},"2025-12-11",0.27047,{"date":404,"score":294,"percentile":405},"2025-12-12",0.2706,{"date":407,"score":294,"percentile":408},"2025-12-13",0.27058,{"date":410,"score":294,"percentile":411},"2025-12-14",0.27024,{"date":413,"score":294,"percentile":414},"2025-12-15",0.26994,{"date":416,"score":294,"percentile":417},"2025-12-16",0.27005,{"date":419,"score":294,"percentile":420},"2025-12-17",0.27064,{"date":422,"score":294,"percentile":423},"2025-12-18",0.27115,{"date":425,"score":294,"percentile":426},"2025-12-19",0.27129,{"date":428,"score":294,"percentile":429},"2025-12-20",0.27098,{"date":431,"score":294,"percentile":432},"2025-12-21",0.27062,{"date":434,"score":294,"percentile":435},"2025-12-22",0.27033,{"date":437,"score":294,"percentile":438},"2025-12-23",0.26997,{"date":440,"score":294,"percentile":441},"2025-12-24",0.27011,{"date":443,"score":294,"percentile":444},"2025-12-25",0.27086,{"date":446,"score":294,"percentile":447},"2025-12-26",0.27076,{"date":449,"score":294,"percentile":450},"2025-12-27",0.27065,{"date":452,"score":294,"percentile":453},"2025-12-28",0.26988,{"date":455,"score":294,"percentile":456},"2025-12-29",0.2696,{"date":458,"score":294,"percentile":459},"2025-12-30",0.26956,{"date":461,"score":294,"percentile":462},"2025-12-31",0.27023,{"date":464,"score":294,"percentile":465},"2026-01-01",0.2713,{"date":467,"score":294,"percentile":465},"2026-01-02",{"date":469,"score":294,"percentile":470},"2026-01-03",0.27112,{"date":472,"score":294,"percentile":473},"2026-01-04",0.27012,{"date":475,"score":294,"percentile":476},"2026-01-05",0.27001,{"date":478,"score":294,"percentile":479},"2026-01-06",0.27007,{"date":481,"score":294,"percentile":482},"2026-01-07",0.27038,{"date":484,"score":294,"percentile":485},"2026-01-08",0.27083,{"date":487,"score":294,"percentile":488},"2026-01-09",0.2707,{"date":490,"score":294,"percentile":491},"2026-01-10",0.2704,{"date":493,"score":294,"percentile":494},"2026-01-11",0.27019,{"date":496,"score":294,"percentile":497},"2026-01-12",0.26974,{"date":499,"score":294,"percentile":459},"2026-01-13",{"date":501,"score":294,"percentile":502},"2026-01-14",0.27,{"date":504,"score":294,"percentile":505},"2026-01-15",0.26996,{"date":507,"score":294,"percentile":508},"2026-01-16",0.27028,{"date":510,"score":294,"percentile":511},"2026-01-17",0.27031,{"date":513,"score":294,"percentile":514},"2026-01-18",0.2698,{"date":516,"score":294,"percentile":517},"2026-01-19",0.26937,{"date":519,"score":294,"percentile":520},"2026-01-20",0.2692,{"date":522,"score":294,"percentile":523},"2026-01-21",0.26867,{"date":525,"score":294,"percentile":526},"2026-01-22",0.26846,{"date":528,"score":294,"percentile":529},"2026-01-23",0.26917,{"date":531,"score":294,"percentile":532},"2026-01-24",0.26915,{"date":534,"score":294,"percentile":535},"2026-01-25",0.26837,{"date":537,"score":294,"percentile":538},"2026-01-26",0.26752,{"date":540,"score":294,"percentile":541},"2026-01-27",0.26734,{"date":543,"score":294,"percentile":544},"2026-01-28",0.26726,{"date":546,"score":294,"percentile":547},"2026-01-29",0.26681,{"date":549,"score":294,"percentile":550},"2026-01-30",0.26676,{"date":552,"score":294,"percentile":550},"2026-01-31",{"date":554,"score":294,"percentile":555},"2026-02-01",0.26731,[557,562,564],{"source":265,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":558,"cvss_v4_0":9},{"baseScore":263,"baseSeverity":559,"vectorString":266,"impactScore":560,"exploitabilityScore":561},"HIGH",6,10,{"source":271,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":563,"cvss_v4_0":9},{"baseScore":263,"baseSeverity":559,"vectorString":266,"impactScore":560,"exploitabilityScore":561},{"source":272,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":565,"cvss_v4_0":9},{"baseScore":263,"baseSeverity":9,"vectorString":266,"impactScore":560,"exploitabilityScore":561},[567,578,584,594,600,606],{"ecosystem":9,"name":568,"vendor":569,"product":568,"cpe_part":570,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":571},"go-git","go-git_project","a",[572],{"version":573,"is_range":574,"range_type":575,"version_start":9,"version_start_type":9,"version_end":576,"version_end_type":577,"fixed_in":9},"lt5.13.0",true,"cpe","5.13.0","excluding",{"ecosystem":9,"name":568,"vendor":568,"product":568,"cpe_part":570,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":579},[580],{"version":581,"is_range":574,"range_type":265,"version_start":582,"version_start_type":583,"version_end":576,"version_end_type":577,"fixed_in":9},">= 4.0.0,  \u003C 5.13.0","4.0.0","including",{"ecosystem":585,"name":586,"vendor":587,"product":568,"cpe_part":9,"purl_type":588,"purl_namespace":587,"purl_name":568,"source":9,"versions":589},"Go","github.com/go-git/go-git","github.com/go-git","golang",[590],{"version":591,"is_range":574,"range_type":592,"version_start":582,"version_start_type":583,"version_end":593,"version_end_type":583,"fixed_in":9},"gte4_0_0_lte4_13_1","semver","4.13.1",{"ecosystem":585,"name":595,"vendor":586,"product":596,"cpe_part":9,"purl_type":588,"purl_namespace":586,"purl_name":596,"source":9,"versions":597},"github.com/go-git/go-git/v4","v4",[598],{"version":599,"is_range":574,"range_type":592,"version_start":582,"version_start_type":583,"version_end":9,"version_end_type":9,"fixed_in":9},"gte4_0_0",{"ecosystem":585,"name":601,"vendor":586,"product":602,"cpe_part":9,"purl_type":588,"purl_namespace":586,"purl_name":602,"source":9,"versions":603},"github.com/go-git/go-git/v5","v5",[604],{"version":605,"is_range":574,"range_type":592,"version_start":9,"version_start_type":9,"version_end":576,"version_end_type":577,"fixed_in":9},"lt5_13_0",{"ecosystem":585,"name":607,"vendor":608,"product":609,"cpe_part":9,"purl_type":588,"purl_namespace":608,"purl_name":609,"source":9,"versions":610},"gopkg.in/src-d/go-git.v4","gopkg.in/src-d","go-git.v4",[611,612],{"version":591,"is_range":574,"range_type":592,"version_start":582,"version_start_type":583,"version_end":593,"version_end_type":583,"fixed_in":9},{"version":599,"is_range":574,"range_type":592,"version_start":582,"version_start_type":583,"version_end":9,"version_end_type":9,"fixed_in":9}]