[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-31651":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":36,"aliases":37,"duplicate_of":9,"upstream":40,"downstream":41,"duplicates":102,"related":103,"reserved_at":9,"published_at":119,"modified_at":120,"state":121,"summary":122,"references_raw":131,"kevs":188,"epss":189,"epss_history":192,"metrics":478,"affected":489},"CVE-2025-31651","Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible \nfor a specially crafted request to bypass some rewrite rules. If those \nrewrite rules effectively enforced security constraints, those \nconstraints could be bypassed.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions \nmay also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.6, 10.1.40 or 9.0.104, which fixes the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-116","Improper Encoding or Escaping of Output","The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. 
As a result, the intended structure of the message is not preserved.","weakness","Draft","Class","High",[20,24,28,32],{"id":21,"name":22,"techniques":23},"CAPEC-104","Cross Zone Scripting",[],{"id":25,"name":26,"techniques":27},"CAPEC-73","User-Controlled Filename",[],{"id":29,"name":30,"techniques":31},"CAPEC-81","Web Server Logs Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-85","AJAX Footprinting",[],[],[38,39],"GHSA-ff77-26x5-69cr","BIT-tomcat-2025-31651",[],[42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100],{"_key":43},"SUSE-SU-2025:01521-1",{"_key":45},"SUSE-SU-2025:01882-1",{"_key":47},"SUSE-SU-2025:1521-1",{"_key":49},"SUSE-SU-2025:1537-1",{"_key":51},"DLA-4244-1",{"_key":53},"SUSE-SU-2025:01537-1",{"_key":55},"OPENSUSE-SU-2025:15048-1",{"_key":57},"OPENSUSE-SU-2025:15049-1",{"_key":59},"SUSE-SU-2026:1058-1",{"_key":61},"MGASA-2025-0145",{"_key":63},"USN-7705-1",{"_key":65},"DEBIAN-CVE-2025-31651",{"_key":67},"RHSA-2025:19809",{"_key":69},"RHSA-2025:22925",{"_key":71},"RHSA-2025:23044",{"_key":73},"RHSA-2025:23045",{"_key":75},"RHSA-2025:23046",{"_key":77},"RHSA-2025:23047",{"_key":79},"RHSA-2025:23048",{"_key":81},"RHSA-2025:23049",{"_key":83},"RHSA-2025:23050",{"_key":85},"RHSA-2025:23051",{"_key":87},"RHSA-2025:23052",{"_key":89},"RHSA-2025:23053",{"_key":91},"RHSA-2026:0292",{"_key":93},"RHSA-2026:0293",{"_key":95},"RHSA-2026:2724",{"_key":97},"RHSA-2026:2725",{"_key":99},"RHSA-2026:2726",{"_key":101},"UBUNTU-CVE-2025-31651",[],[104,105,106,107,108,109,110,111,112,113,115,117],{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":114},"CGA-576P-JVPW-WC6P",{"_key":116},"CGA-MM2J-X7M9-9WG3",{"_key":118},"CGA-895G-CQ6H-8W43","2025-04-28T19:17:21.721Z","2026-02-26T18:27:59.801Z","Modified",{"cisa_kev":123,"cisa_ransomware":123,"cisa_vendor":9,"epss_severity":124,"epss_score":125,"severity":126,"severity_score":127,"severity_version":128,"severity
_source":129,"severity_vector":130,"severity_status":121},false,"low",0.00199,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[132,141,146,150,155,159,163,167,171,176,180,184],{"url":133,"sources":134,"tags":137},"https://lists.apache.org/list.html?announce@tomcat.apache.org",[129,135,136],"nvd","osv_maven",[138,139,140],"Vendor Advisory","Mailing List","WEB",{"url":142,"sources":143,"tags":144},"http://www.openwall.com/lists/oss-security/2025/04/28/3",[129,135,136],[139,145,140],"Third Party Advisory",{"url":147,"sources":148,"tags":149},"https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html",[129,135,136],[140],{"url":151,"sources":152,"tags":153},"https://nvd.nist.gov/vuln/detail/CVE-2025-31651",[136],[154],"Advisory",{"url":156,"sources":157,"tags":158},"https://github.com/apache/tomcat/commit/066bf6b6a15a4e7e0941d4acf096841165b97098",[136],[140],{"url":160,"sources":161,"tags":162},"https://github.com/apache/tomcat/commit/175dc75fc428930034a6c93fb52f830d955d8e64",[136],[140],{"url":164,"sources":165,"tags":166},"https://github.com/apache/tomcat/commit/ee3ab548e92345eca0cbd1f01649eb36c6f29454",[136],[140],{"url":168,"sources":169,"tags":170},"https://github.com/apache/tomcat/commit/fbecc915a10c5a3d634c5e2c6ced4ff479ce9953",[136],[140],{"url":172,"sources":173,"tags":174},"https://github.com/apache/tomcat",[136],[175],"PACKAGE",{"url":177,"sources":178,"tags":179},"https://tomcat.apache.org/security-10.html",[136],[140],{"url":181,"sources":182,"tags":183},"https://tomcat.apache.org/security-11.html",[136],[140],{"url":185,"sources":186,"tags":187},"https://tomcat.apache.org/security-9.html",[136],[140],[],{"date":190,"score":125,"percentile":191},"2026-06-04",0.41829,[193,197,200,203,206,209,212,215,218,221,224,227,230,233,236,240,243,246,250,254,257,261,264,267,270,273,276,279,283,286,290,292,295,298,301,304,307,310,313,316,319,322,325,328,331,335,338,341,345,348,351,354,357,360,363,366,369,372,375,379,382,386,390,393
,396,399,402,405,408,411,415,418,421,424,427,430,434,437,440,443,447,450,453,456,459,462,465,468,471,474],{"date":194,"score":195,"percentile":196},"2025-11-04",0.00038,0.1072,{"date":198,"score":195,"percentile":199},"2025-11-05",0.1075,{"date":201,"score":195,"percentile":202},"2025-11-06",0.10863,{"date":204,"score":195,"percentile":205},"2025-11-07",0.10882,{"date":207,"score":195,"percentile":208},"2025-11-08",0.10893,{"date":210,"score":195,"percentile":211},"2025-11-09",0.10852,{"date":213,"score":195,"percentile":214},"2025-11-10",0.10805,{"date":216,"score":195,"percentile":217},"2025-11-11",0.10815,{"date":219,"score":195,"percentile":220},"2025-11-12",0.10849,{"date":222,"score":195,"percentile":223},"2025-11-13",0.10877,{"date":225,"score":195,"percentile":226},"2025-11-14",0.10887,{"date":228,"score":195,"percentile":229},"2025-11-15",0.10886,{"date":231,"score":195,"percentile":232},"2025-11-16",0.1089,{"date":234,"score":195,"percentile":235},"2025-11-17",0.10873,{"date":237,"score":238,"percentile":239},"2025-11-18",0.00392,0.57454,{"date":241,"score":238,"percentile":242},"2025-11-19",0.57471,{"date":244,"score":238,"percentile":245},"2025-11-20",0.57462,{"date":247,"score":248,"percentile":249},"2025-11-21",0.00042,0.12412,{"date":251,"score":252,"percentile":253},"2025-11-22",0.00047,0.14299,{"date":255,"score":252,"percentile":256},"2025-11-23",0.14287,{"date":258,"score":259,"percentile":260},"2025-11-24",0.00058,0.17852,{"date":262,"score":259,"percentile":263},"2025-11-25",0.17841,{"date":265,"score":259,"percentile":266},"2025-11-26",0.17828,{"date":268,"score":259,"percentile":269},"2025-11-27",0.1783,{"date":271,"score":259,"percentile":272},"2025-11-28",0.17818,{"date":274,"score":259,"percentile":275},"2025-11-29",0.17803,{"date":277,"score":259,"percentile":278},"2025-11-30",0.17812,{"date":280,"score":281,"percentile":282},"2025-12-01",0.0005,0.15489,{"date":284,"score":281,"percentile":285},"2025-12-02",0.155,{"date":287,"score":288,"p
ercentile":289},"2025-12-03",0.00041,0.12141,{"date":291,"score":252,"percentile":253},"2025-12-04",{"date":293,"score":252,"percentile":294},"2025-12-05",0.14363,{"date":296,"score":259,"percentile":297},"2025-12-06",0.17899,{"date":299,"score":259,"percentile":300},"2025-12-07",0.17883,{"date":302,"score":259,"percentile":303},"2025-12-08",0.17895,{"date":305,"score":259,"percentile":306},"2025-12-09",0.17962,{"date":308,"score":259,"percentile":309},"2025-12-10",0.18022,{"date":311,"score":259,"percentile":312},"2025-12-11",0.18062,{"date":314,"score":259,"percentile":315},"2025-12-12",0.18098,{"date":317,"score":259,"percentile":318},"2025-12-13",0.18109,{"date":320,"score":259,"percentile":321},"2025-12-14",0.18056,{"date":323,"score":259,"percentile":324},"2025-12-15",0.18035,{"date":326,"score":259,"percentile":327},"2025-12-16",0.18068,{"date":329,"score":259,"percentile":330},"2025-12-17",0.18155,{"date":332,"score":333,"percentile":334},"2025-12-18",0.00064,0.20125,{"date":336,"score":333,"percentile":337},"2025-12-19",0.20147,{"date":339,"score":333,"percentile":340},"2025-12-20",0.20117,{"date":342,"score":343,"percentile":344},"2025-12-21",0.00078,0.23677,{"date":346,"score":343,"percentile":347},"2025-12-22",0.23638,{"date":349,"score":343,"percentile":350},"2025-12-23",0.23616,{"date":352,"score":333,"percentile":353},"2025-12-24",0.20069,{"date":355,"score":333,"percentile":356},"2025-12-25",0.20151,{"date":358,"score":333,"percentile":359},"2025-12-26",0.20144,{"date":361,"score":343,"percentile":362},"2025-12-27",0.23697,{"date":364,"score":343,"percentile":365},"2025-12-28",0.23611,{"date":367,"score":343,"percentile":368},"2025-12-29",0.23582,{"date":370,"score":343,"percentile":371},"2025-12-30",0.23561,{"date":373,"score":343,"percentile":374},"2025-12-31",0.23619,{"date":376,"score":377,"percentile":378},"2026-01-01",0.00075,0.22966,{"date":380,"score":377,"percentile":381},"2026-01-02",0.22964,{"date":383,"score":384,"percentile":385},"2026-0
1-03",0.00055,0.17581,{"date":387,"score":388,"percentile":389},"2026-01-04",0.00063,0.1989,{"date":391,"score":388,"percentile":392},"2026-01-05",0.19864,{"date":394,"score":388,"percentile":395},"2026-01-06",0.19879,{"date":397,"score":388,"percentile":398},"2026-01-07",0.19908,{"date":400,"score":388,"percentile":401},"2026-01-08",0.19964,{"date":403,"score":388,"percentile":404},"2026-01-09",0.19965,{"date":406,"score":388,"percentile":407},"2026-01-10",0.19977,{"date":409,"score":388,"percentile":410},"2026-01-11",0.19941,{"date":412,"score":413,"percentile":414},"2026-01-12",0.00086,0.2519,{"date":416,"score":413,"percentile":417},"2026-01-13",0.25167,{"date":419,"score":413,"percentile":420},"2026-01-14",0.25223,{"date":422,"score":413,"percentile":423},"2026-01-15",0.25212,{"date":425,"score":413,"percentile":426},"2026-01-16",0.25245,{"date":428,"score":413,"percentile":429},"2026-01-17",0.25251,{"date":431,"score":432,"percentile":433},"2026-01-18",0.0007,0.21656,{"date":435,"score":432,"percentile":436},"2026-01-19",0.21605,{"date":438,"score":432,"percentile":439},"2026-01-20",0.21586,{"date":441,"score":413,"percentile":442},"2026-01-21",0.25089,{"date":444,"score":445,"percentile":446},"2026-01-22",0.00116,0.30963,{"date":448,"score":445,"percentile":449},"2026-01-23",0.3103,{"date":451,"score":445,"percentile":452},"2026-01-24",0.31045,{"date":454,"score":445,"percentile":455},"2026-01-25",0.30972,{"date":457,"score":445,"percentile":458},"2026-01-26",0.30892,{"date":460,"score":445,"percentile":461},"2026-01-27",0.30878,{"date":463,"score":445,"percentile":464},"2026-01-28",0.30858,{"date":466,"score":445,"percentile":467},"2026-01-29",0.30815,{"date":469,"score":445,"percentile":470},"2026-01-30",0.30805,{"date":472,"score":445,"percentile":473},"2026-01-31",0.3081,{"date":475,"score":476,"percentile":477},"2026-02-01",0.00071,0.21846,[479,483,485],{"source":129,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":480,"cvss_v4_0":9},{"baseScore":127,"baseSeverit
y":481,"vectorString":130,"impactScore":127,"exploitabilityScore":482},"CRITICAL",10,{"source":135,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":484,"cvss_v4_0":9},{"baseScore":127,"baseSeverity":481,"vectorString":130,"impactScore":127,"exploitabilityScore":482},{"source":136,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":486},{"baseScore":487,"baseSeverity":9,"vectorString":488,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",[490,514,531,550],{"ecosystem":9,"name":491,"vendor":492,"product":493,"cpe_part":494,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":495},"Apache Tomcat","apache software foundation","apache tomcat","a",[496,502,506,510],{"version":497,"is_range":498,"range_type":129,"version_start":499,"version_start_type":500,"version_end":501,"version_end_type":500,"fixed_in":9},">= 11.0.0-M1, \u003C= 11.0.5",true,"11.0.0-M1","including","11.0.5",{"version":503,"is_range":498,"range_type":129,"version_start":504,"version_start_type":500,"version_end":505,"version_end_type":500,"fixed_in":9},">= 10.1.0-M1, \u003C= 10.1.39","10.1.0-M1","10.1.39",{"version":507,"is_range":498,"range_type":129,"version_start":508,"version_start_type":500,"version_end":509,"version_end_type":500,"fixed_in":9},">= 9.0.0.M1, \u003C= 9.0.102","9.0.0.M1","9.0.102",{"version":511,"is_range":498,"range_type":129,"version_start":512,"version_start_type":500,"version_end":513,"version_end_type":500,"fixed_in":9},">= 8.5.0, \u003C= 
8.5.100","8.5.0","8.5.100",{"ecosystem":9,"name":515,"vendor":9,"product":515,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":516},"Tomcat",[517,523,527],{"version":518,"is_range":498,"range_type":519,"version_start":520,"version_start_type":500,"version_end":521,"version_end_type":522,"fixed_in":9},"gte9.0.0_lt9.0.104","cpe","9.0.0","9.0.104","excluding",{"version":524,"is_range":498,"range_type":519,"version_start":525,"version_start_type":500,"version_end":526,"version_end_type":522,"fixed_in":9},"gte10.1.0_lt10.1.40","10.1.0","10.1.40",{"version":528,"is_range":498,"range_type":519,"version_start":529,"version_start_type":500,"version_end":530,"version_end_type":522,"fixed_in":9},"gte11.0.0_lt11.0.6","11.0.0","11.0.6",{"ecosystem":532,"name":533,"vendor":534,"product":535,"cpe_part":9,"purl_type":536,"purl_namespace":534,"purl_name":535,"source":9,"versions":537},"Maven","org.apache.tomcat:tomcat-catalina","org.apache.tomcat","tomcat-catalina","maven",[538,542,545,548],{"version":539,"is_range":498,"range_type":540,"version_start":541,"version_start_type":500,"version_end":521,"version_end_type":522,"fixed_in":9},"gte9_0_76_lt9_0_104","ecosystem","9.0.76",{"version":543,"is_range":498,"range_type":540,"version_start":544,"version_start_type":500,"version_end":526,"version_end_type":522,"fixed_in":9},"gte10_1_10_lt10_1_40","10.1.10",{"version":546,"is_range":498,"range_type":540,"version_start":547,"version_start_type":500,"version_end":530,"version_end_type":522,"fixed_in":9},"gte11_0_0_M2_lt11_0_6","11.0.0-M2",{"version":549,"is_range":498,"range_type":540,"version_start":512,"version_start_type":500,"version_end":513,"version_end_type":500,"fixed_in":9},"gte8_5_0_lte8_5_100",{"ecosystem":532,"name":551,"vendor":552,"product":553,"cpe_part":9,"purl_type":536,"purl_namespace":552,"purl_name":553,"source":9,"versions":554},"org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core",[555,556,557,558],
{"version":539,"is_range":498,"range_type":540,"version_start":541,"version_start_type":500,"version_end":521,"version_end_type":522,"fixed_in":9},{"version":543,"is_range":498,"range_type":540,"version_start":544,"version_start_type":500,"version_end":526,"version_end_type":522,"fixed_in":9},{"version":546,"is_range":498,"range_type":540,"version_start":547,"version_start_type":500,"version_end":530,"version_end_type":522,"fixed_in":9},{"version":549,"is_range":498,"range_type":540,"version_start":512,"version_start_type":500,"version_end":513,"version_end_type":500,"fixed_in":9}]