[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-22873":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":26,"aliases":27,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":50,"related":51,"reserved_at":9,"published_at":61,"modified_at":62,"state":63,"summary":64,"references_raw":72,"kevs":105,"epss":106,"epss_history":109,"metrics":321,"affected":329},"CVE-2025-22873","It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-23","Relative Path Traversal","The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as \"..\" that can resolve to a location that is outside of that directory.","weakness","Draft","Base",[19,22],{"id":20,"name":13,"techniques":21},"CAPEC-139",[],{"id":23,"name":24,"techniques":25},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[28,29],"GO-2026-4403","BIT-golang-2025-22873",[],[32,34,36,38,40,42,44,46,48],{"_key":33},"SUSE-SU-2025:01846-1",{"_key":35},"SUSE-SU-2025:1551-1",{"_key":37},"SUSE-SU-2025:01551-1",{"_key":39},"SUSE-SU-2026:0403-1",{"_key":41},"OPENSUSE-SU-2025:15058-1",{"_key":43},"DEBIAN-CVE-2025-22873",{"_key":45},"UBUNTU-CVE-2025-22873",{"_key":47},"RHSA-2026:7291",{"_key":49},"RHSA-2026:7385",[],[52,53,54,55,56,57,58,59],{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":47},{"_key":49},{"_key":60},"CGA-HM3H-GPF5-PCPJ","2026-02-04T23:05:24.803Z","2026-02-05T15:03:55.451Z","Analyzed",{"cisa_kev":65,"cisa_ransomware":65,"cisa_vendor":9,"epss_severity":66,"epss_score":67,"severity":66,"severity_score":68,"severity_version":69,"severity_source":70,"severity_vector":71,"severity_status":63},false,"low",0.00003,3.8,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",[73,82,89,96,100],{"url":74,"sources":75,"tags":78},"https://go.dev/cl/670036",[70,76,77],"nvd","osv_go",[79,80,81],"FIX","Patch","Product",{"url":83,"sources":84,"tags":85},"https://go.dev/issue/73555",[70,76,77],[86,87,88],"REPORT","Issue Tracking","Vendor Advisory",{"url":90,"sources":91,"tags":92},"https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ",[70,76,77],[93,94,95],"WEB","Mailing List","Release Notes",{"url":97,"sources":98,"tags":99},"https://pkg.go.dev/vuln/GO-2026-4403",[70,76],[88,87],{"url":101,"sources":102,"tags":103},"http://www.openwall.com/lists/oss-security/2025/05/06/2",[70,76],[94,104],"Third Party Advisory",[],{"date":107,"score":67,"percentile":108},"2026-06-04",0.00137,[110,114,117,120,124,127,130,133,136,139,141,143,145,147,150,153,155,157,159,161,163,165,168,170,172,174,176,179,181,183,186,188,191,193,196,199,201,203,205,207,209,211,213,215,217,220,223,225,227,229,231,234,236,238,240,242,244,246,248,250,253,256,258,260,263,266,268,270,273,276,279,281,283,285,287,289,291,294,297,299,301,303,305,307,309,311,313,315,317,319],{"date":111,"score":112,"percentile":113},"2026-02-05",0.00005,0.00259,{"date":115,"score":67,"percentile":116},"2026-02-06",0.00112,{"date":118,"score":67,"percentile":119},"2026-02-07",0.00113,{"date":121,"score":122,"percentile":123},"2026-02-08",0.00004,0.00147,{"date":125,"score":122,"percentile":126},"2026-02-09",0.00148,{"date":128,"score":122,"percentile":129},"2026-02-10",0.0015,{"date":131,"score":67,"percentile":132},"2026-02-11",0.00092,{"date":134,"score":67,"percentile":135},"2026-02-12",0.00091,{"date":137,"score":67,"percentile":138},"2026-02-13",0.0009,{"date":140,"score":67,"percentile":138},"2026-02-14",{"date":142,"score":67,"percentile":138},"2026-02-15",{"date":144,"score":67,"percentile":138},"2026-02-16",{"date":146,"score":67,"percentile":138},"2026-02-17",{"date":148,"score":67,"percentile":149},"2026-02-18",0.00096,{"date":151,"score":67,"percentile":152},"2026-02-19",0.00095,{"date":154,"score":67,"percentile":149},"2026-02-20",{"date":156,"score":67,"percentile":149},"2026-02-21",{"date":158,"score":67,"percentile":149},"2026-02-22",{"date":160,"score":67,"percentile":149},"2026-02-23",{"date":162,"score":67,"percentile":149},"2026-02-24",{"date":164,"score":67,"percentile":149},"2026-02-25",{"date":166,"score":122,"percentile":167},"2026-02-26",0.00136,{"date":169,"score":122,"percentile":167},"2026-02-27",{"date":171,"score":122,"percentile":167},"2026-02-28",{"date":173,"score":122,"percentile":108},"2026-03-01",{"date":175,"score":122,"percentile":167},"2026-03-02",{"date":177,"score":122,"percentile":178},"2026-03-03",0.00139,{"date":180,"score":122,"percentile":108},"2026-03-04",{"date":182,"score":122,"percentile":108},"2026-03-05",{"date":184,"score":122,"percentile":185},"2026-03-06",0.00138,{"date":187,"score":122,"percentile":178},"2026-03-07",{"date":189,"score":122,"percentile":190},"2026-03-08",0.00167,{"date":192,"score":122,"percentile":190},"2026-03-09",{"date":194,"score":122,"percentile":195},"2026-03-10",0.00166,{"date":197,"score":122,"percentile":198},"2026-03-11",0.00165,{"date":200,"score":122,"percentile":195},"2026-03-12",{"date":202,"score":122,"percentile":195},"2026-03-13",{"date":204,"score":122,"percentile":190},"2026-03-14",{"date":206,"score":122,"percentile":195},"2026-03-15",{"date":208,"score":122,"percentile":190},"2026-03-16",{"date":210,"score":122,"percentile":195},"2026-03-17",{"date":212,"score":122,"percentile":195},"2026-03-18",{"date":214,"score":122,"percentile":198},"2026-03-19",{"date":216,"score":122,"percentile":198},"2026-03-20",{"date":218,"score":122,"percentile":219},"2026-03-21",0.00179,{"date":221,"score":122,"percentile":222},"2026-03-22",0.00178,{"date":224,"score":122,"percentile":219},"2026-03-23",{"date":226,"score":122,"percentile":219},"2026-03-24",{"date":228,"score":122,"percentile":222},"2026-03-25",{"date":230,"score":122,"percentile":222},"2026-03-26",{"date":232,"score":122,"percentile":233},"2026-03-27",0.0018,{"date":235,"score":122,"percentile":219},"2026-03-28",{"date":237,"score":122,"percentile":219},"2026-03-29",{"date":239,"score":122,"percentile":219},"2026-03-30",{"date":241,"score":122,"percentile":222},"2026-03-31",{"date":243,"score":122,"percentile":222},"2026-04-01",{"date":245,"score":122,"percentile":222},"2026-04-02",{"date":247,"score":122,"percentile":222},"2026-04-03",{"date":249,"score":122,"percentile":126},"2026-04-04",{"date":251,"score":67,"percentile":252},"2026-04-05",0.001,{"date":254,"score":67,"percentile":255},"2026-04-06",0.00101,{"date":257,"score":67,"percentile":255},"2026-04-07",{"date":259,"score":67,"percentile":255},"2026-04-08",{"date":261,"score":67,"percentile":262},"2026-04-09",0.00102,{"date":264,"score":67,"percentile":265},"2026-04-10",0.00103,{"date":267,"score":67,"percentile":262},"2026-04-11",{"date":269,"score":67,"percentile":262},"2026-04-12",{"date":271,"score":67,"percentile":272},"2026-04-13",0.00133,{"date":274,"score":67,"percentile":275},"2026-04-14",0.00132,{"date":277,"score":67,"percentile":278},"2026-04-15",0.00131,{"date":280,"score":67,"percentile":275},"2026-04-16",{"date":282,"score":67,"percentile":272},"2026-04-17",{"date":284,"score":67,"percentile":272},"2026-04-18",{"date":286,"score":67,"percentile":275},"2026-04-19",{"date":288,"score":67,"percentile":275},"2026-04-20",{"date":290,"score":67,"percentile":167},"2026-04-21",{"date":292,"score":67,"percentile":293},"2026-04-22",0.00134,{"date":295,"score":67,"percentile":296},"2026-04-23",0.00135,{"date":298,"score":67,"percentile":167},"2026-04-24",{"date":300,"score":67,"percentile":167},"2026-04-25",{"date":302,"score":67,"percentile":167},"2026-04-26",{"date":304,"score":67,"percentile":167},"2026-04-27",{"date":306,"score":67,"percentile":272},"2026-04-28",{"date":308,"score":67,"percentile":293},"2026-04-29",{"date":310,"score":67,"percentile":167},"2026-04-30",{"date":312,"score":67,"percentile":296},"2026-05-01",{"date":314,"score":67,"percentile":296},"2026-05-02",{"date":316,"score":67,"percentile":293},"2026-05-03",{"date":318,"score":67,"percentile":272},"2026-05-04",{"date":320,"score":67,"percentile":275},"2026-05-05",[322,327],{"source":70,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":323,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":324,"vectorString":71,"impactScore":325,"exploitabilityScore":326},"LOW",2.3,5.1,{"source":76,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":328,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":324,"vectorString":71,"impactScore":325,"exploitabilityScore":326},[330,345,355],{"ecosystem":9,"name":331,"vendor":332,"product":331,"cpe_part":333,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":334},"os","go standard library","a",[335,340],{"version":336,"is_range":337,"range_type":70,"version_start":9,"version_start_type":9,"version_end":338,"version_end_type":339,"fixed_in":9},"\u003C 1.23.9",true,"1.23.9","excluding",{"version":341,"is_range":337,"range_type":70,"version_start":342,"version_start_type":343,"version_end":344,"version_end_type":339,"fixed_in":9},">= 1.24.0-0, \u003C 1.24.3","1.24.0-0","including","1.24.3",{"ecosystem":9,"name":346,"vendor":347,"product":346,"cpe_part":333,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":348},"go","golang",[349,352],{"version":350,"is_range":337,"range_type":351,"version_start":9,"version_start_type":9,"version_end":338,"version_end_type":339,"fixed_in":9},"lt1.23.9","cpe",{"version":353,"is_range":337,"range_type":351,"version_start":354,"version_start_type":343,"version_end":344,"version_end_type":339,"fixed_in":9},"gte1.24.0_lt1.24.3","1.24.0",{"ecosystem":356,"name":357,"vendor":356,"product":357,"cpe_part":9,"purl_type":347,"purl_namespace":9,"purl_name":357,"source":9,"versions":358},"Go","stdlib",[359],{"version":360,"is_range":337,"range_type":361,"version_start":342,"version_start_type":343,"version_end":344,"version_end_type":339,"fixed_in":9},"gte1_24_0_0_lt1_24_3","semver"]