[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-41395":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":23,"downstream":24,"duplicates":27,"related":28,"reserved_at":9,"published_at":38,"modified_at":39,"state":40,"summary":41,"references_raw":50,"kevs":82,"epss":83,"epss_history":86,"metrics":362,"affected":376},"CVE-2025-41395","Mattermost versions 10.4.x \u003C= 10.4.2, 10.5.x \u003C= 10.5.0, 9.11.x \u003C= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of service (DoS) of the web app for all users.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1287","Improper Validation of Specified Type of Input","The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.","weakness","Incomplete","Base",[],[],[21,22],"GO-2025-3642","GHSA-3g36-gf7c-75qw",[],[25],{"_key":26},"OPENSUSE-SU-2025:15033-1",[],[29,30,32,34,36],{"_key":26},{"_key":31},"CGA-54R4-MQFG-4CF3",{"_key":33},"CGA-JWCH-FP6C-JXGV",{"_key":35},"CGA-XXC2-C25V-6XJM",{"_key":37},"CGA-8M6C-F44Q-9R89","2025-04-24T06:48:31.087Z","2025-04-24T13:58:04.968Z","Analyzed",{"cisa_kev":42,"cisa_ransomware":42,"cisa_vendor":9,"epss_severity":43,"epss_score":44,"severity":45,"severity_score":46,"severity_version":47,"severity_source":48,"severity_vector":49,"severity_status":40},false,"low",0.00126,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[51,59,64,68,73,77],{"url":52,"sources":53,"tags":56},"https://mattermost.com/security-updates",[54,48,55],"cve.org","osv_go",[57,58],"Vendor Advisory","WEB",{"url":60,"sources":61,"tags":62},"https://github.com/advisories/GHSA-3g36-gf7c-75qw",[55],[63],"Advisory",{"url":65,"sources":66,"tags":67},"https://nvd.nist.gov/vuln/detail/CVE-2025-41395",[55],[63],{"url":69,"sources":70,"tags":71},"https://github.com/mattermost/mattermost-plugin-playbooks/commit/4c823090e281cb9c0d5c17ee2e5db275117540d1",[55],[72,58],"FIX",{"url":74,"sources":75,"tags":76},"https://github.com/mattermost/mattermost/commit/2b5275d87136f07e016c8eca09a2f004b31afc8a",[55],[58],{"url":78,"sources":79,"tags":80},"https://github.com/mattermost/mattermost-plugin-playbooks",[55],[81],"PACKAGE",[],{"date":84,"score":44,"percentile":85},"2026-06-04",0.31402,[87,91,94,97,100,102,105,108,111,114,117,120,123,126,129,133,136,139,143,146,149,152,155,158,161,165,168,171,174,177,180,183,186,189,192,195,198,201,204,207,210,213,216,219,222,225,228,231,234,237,240,242,245,248,251,255,258,261,264,267,270,273,276,279,282,285,289,292,295,298,301,304,307,310,313,316,320,323,326,329,332,335,338,341,344,347,350,353,356,359],{"date":88,"score":89,"percentile":90},"2025-11-04",0.00129,0.33139,{"date":92,"score":89,"percentile":93},"2025-11-05",0.33118,{"date":95,"score":89,"percentile":96},"2025-11-06",0.33119,{"date":98,"score":89,"percentile":99},"2025-11-07",0.33136,{"date":101,"score":89,"percentile":99},"2025-11-08",{"date":103,"score":89,"percentile":104},"2025-11-09",0.33112,{"date":106,"score":89,"percentile":107},"2025-11-10",0.33057,{"date":109,"score":89,"percentile":110},"2025-11-11",0.33081,{"date":112,"score":89,"percentile":113},"2025-11-12",0.33127,{"date":115,"score":89,"percentile":116},"2025-11-13",0.33142,{"date":118,"score":89,"percentile":119},"2025-11-14",0.33147,{"date":121,"score":89,"percentile":122},"2025-11-15",0.33144,{"date":124,"score":89,"percentile":125},"2025-11-16",0.33114,{"date":127,"score":89,"percentile":128},"2025-11-17",0.33086,{"date":130,"score":131,"percentile":132},"2025-11-18",0.00197,0.37278,{"date":134,"score":131,"percentile":135},"2025-11-19",0.37283,{"date":137,"score":131,"percentile":138},"2025-11-20",0.37277,{"date":140,"score":141,"percentile":142},"2025-11-21",0.00054,0.16998,{"date":144,"score":141,"percentile":145},"2025-11-22",0.1701,{"date":147,"score":141,"percentile":148},"2025-11-23",0.16977,{"date":150,"score":141,"percentile":151},"2025-11-24",0.16942,{"date":153,"score":141,"percentile":154},"2025-11-25",0.16933,{"date":156,"score":141,"percentile":157},"2025-11-26",0.16921,{"date":159,"score":141,"percentile":160},"2025-11-27",0.16929,{"date":162,"score":163,"percentile":164},"2025-11-28",0.00052,0.16052,{"date":166,"score":163,"percentile":167},"2025-11-29",0.16027,{"date":169,"score":163,"percentile":170},"2025-11-30",0.16033,{"date":172,"score":163,"percentile":173},"2025-12-01",0.16069,{"date":175,"score":163,"percentile":176},"2025-12-02",0.16077,{"date":178,"score":163,"percentile":179},"2025-12-03",0.16096,{"date":181,"score":163,"percentile":182},"2025-12-04",0.16066,{"date":184,"score":163,"percentile":185},"2025-12-05",0.16129,{"date":187,"score":163,"percentile":188},"2025-12-06",0.16138,{"date":190,"score":163,"percentile":191},"2025-12-07",0.16119,{"date":193,"score":163,"percentile":194},"2025-12-08",0.16132,{"date":196,"score":163,"percentile":197},"2025-12-09",0.16187,{"date":199,"score":163,"percentile":200},"2025-12-10",0.16248,{"date":202,"score":163,"percentile":203},"2025-12-11",0.1629,{"date":205,"score":163,"percentile":206},"2025-12-12",0.16338,{"date":208,"score":163,"percentile":209},"2025-12-13",0.16335,{"date":211,"score":163,"percentile":212},"2025-12-14",0.16298,{"date":214,"score":163,"percentile":215},"2025-12-15",0.16266,{"date":217,"score":163,"percentile":218},"2025-12-16",0.16285,{"date":220,"score":163,"percentile":221},"2025-12-17",0.16377,{"date":223,"score":163,"percentile":224},"2025-12-18",0.16434,{"date":226,"score":163,"percentile":227},"2025-12-19",0.1648,{"date":229,"score":163,"percentile":230},"2025-12-20",0.16458,{"date":232,"score":163,"percentile":233},"2025-12-21",0.16417,{"date":235,"score":163,"percentile":236},"2025-12-22",0.16356,{"date":238,"score":163,"percentile":239},"2025-12-23",0.16359,{"date":241,"score":163,"percentile":221},"2025-12-24",{"date":243,"score":163,"percentile":244},"2025-12-25",0.1645,{"date":246,"score":163,"percentile":247},"2025-12-26",0.16439,{"date":249,"score":163,"percentile":250},"2025-12-27",0.16442,{"date":252,"score":253,"percentile":254},"2025-12-28",0.00057,0.1803,{"date":256,"score":253,"percentile":257},"2025-12-29",0.17997,{"date":259,"score":253,"percentile":260},"2025-12-30",0.1801,{"date":262,"score":253,"percentile":263},"2025-12-31",0.18078,{"date":265,"score":253,"percentile":266},"2026-01-01",0.18178,{"date":268,"score":253,"percentile":269},"2026-01-02",0.18166,{"date":271,"score":253,"percentile":272},"2026-01-03",0.18145,{"date":274,"score":253,"percentile":275},"2026-01-04",0.18042,{"date":277,"score":253,"percentile":278},"2026-01-05",0.18008,{"date":280,"score":253,"percentile":281},"2026-01-06",0.18025,{"date":283,"score":253,"percentile":284},"2026-01-07",0.18059,{"date":286,"score":287,"percentile":288},"2026-01-08",0.00063,0.19835,{"date":290,"score":287,"percentile":291},"2026-01-09",0.19836,{"date":293,"score":287,"percentile":294},"2026-01-10",0.19849,{"date":296,"score":287,"percentile":297},"2026-01-11",0.19814,{"date":299,"score":287,"percentile":300},"2026-01-12",0.19776,{"date":302,"score":287,"percentile":303},"2026-01-13",0.1975,{"date":305,"score":287,"percentile":306},"2026-01-14",0.19812,{"date":308,"score":287,"percentile":309},"2026-01-15",0.19816,{"date":311,"score":287,"percentile":312},"2026-01-16",0.19842,{"date":314,"score":287,"percentile":315},"2026-01-17",0.19858,{"date":317,"score":318,"percentile":319},"2026-01-18",0.00053,0.16717,{"date":321,"score":318,"percentile":322},"2026-01-19",0.1666,{"date":324,"score":318,"percentile":325},"2026-01-20",0.16631,{"date":327,"score":318,"percentile":328},"2026-01-21",0.1661,{"date":330,"score":318,"percentile":331},"2026-01-22",0.16546,{"date":333,"score":318,"percentile":334},"2026-01-23",0.16626,{"date":336,"score":318,"percentile":337},"2026-01-24",0.16654,{"date":339,"score":318,"percentile":340},"2026-01-25",0.16586,{"date":342,"score":318,"percentile":343},"2026-01-26",0.16484,{"date":345,"score":318,"percentile":346},"2026-01-27",0.16473,{"date":348,"score":318,"percentile":349},"2026-01-28",0.16482,{"date":351,"score":318,"percentile":352},"2026-01-29",0.16455,{"date":354,"score":318,"percentile":355},"2026-01-30",0.16463,{"date":357,"score":318,"percentile":358},"2026-01-31",0.16479,{"date":360,"score":318,"percentile":361},"2026-02-01",0.16498,[363,370,374],{"source":54,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":364,"cvss_v4_0":9},{"baseScore":365,"baseSeverity":366,"vectorString":367,"impactScore":368,"exploitabilityScore":369},6.5,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,7.2,{"source":48,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":371,"cvss_v4_0":9},{"baseScore":46,"baseSeverity":372,"vectorString":49,"impactScore":368,"exploitabilityScore":373},"HIGH",10,{"source":55,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":375,"cvss_v4_0":9},{"baseScore":365,"baseSeverity":9,"vectorString":367,"impactScore":368,"exploitabilityScore":369},[377,396,409,414,419,437,449],{"ecosystem":378,"name":379,"vendor":380,"product":381,"cpe_part":9,"purl_type":382,"purl_namespace":380,"purl_name":381,"source":9,"versions":383},"Go","github.com/mattermost/mattermost-plugin-playbooks","github.com/mattermost","mattermost-plugin-playbooks","golang",[384,388,392],{"version":385,"is_range":386,"range_type":387,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"semver",{"version":389,"is_range":386,"range_type":387,"version_start":390,"version_start_type":391,"version_end":9,"version_end_type":9,"fixed_in":9},"gte2_0_0","2.0.0","including",{"version":393,"is_range":386,"range_type":387,"version_start":9,"version_start_type":9,"version_end":394,"version_end_type":395,"fixed_in":9},"lt1_41_0","1.41.0","excluding",{"ecosystem":378,"name":397,"vendor":380,"product":398,"cpe_part":9,"purl_type":382,"purl_namespace":380,"purl_name":398,"source":9,"versions":399},"github.com/mattermost/mattermost-server","mattermost-server",[400,403,406],{"version":401,"is_range":386,"range_type":387,"version_start":402,"version_start_type":391,"version_end":9,"version_end_type":9,"fixed_in":9},"gte9_11_0+incompatible","9.11.0+incompatible",{"version":404,"is_range":386,"range_type":387,"version_start":405,"version_start_type":391,"version_end":9,"version_end_type":9,"fixed_in":9},"gte10_4_0+incompatible","10.4.0+incompatible",{"version":407,"is_range":386,"range_type":387,"version_start":408,"version_start_type":391,"version_end":9,"version_end_type":9,"fixed_in":9},"gte10_5_0+incompatible","10.5.0+incompatible",{"ecosystem":378,"name":410,"vendor":397,"product":411,"cpe_part":9,"purl_type":382,"purl_namespace":397,"purl_name":411,"source":9,"versions":412},"github.com/mattermost/mattermost-server/v5","v5",[413],{"version":385,"is_range":386,"range_type":387,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":378,"name":415,"vendor":397,"product":416,"cpe_part":9,"purl_type":382,"purl_namespace":397,"purl_name":416,"source":9,"versions":417},"github.com/mattermost/mattermost-server/v6","v6",[418],{"version":385,"is_range":386,"range_type":387,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":378,"name":420,"vendor":421,"product":422,"cpe_part":9,"purl_type":382,"purl_namespace":421,"purl_name":422,"source":9,"versions":423},"github.com/mattermost/mattermost/server/v8","github.com/mattermost/mattermost/server","v8",[424,425,428,431,434],{"version":385,"is_range":386,"range_type":387,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":426,"is_range":386,"range_type":387,"version_start":9,"version_start_type":9,"version_end":427,"version_end_type":395,"fixed_in":9},"lt8_0_0_20250218121836_2b5275d87136","8.0.0-20250218121836-2b5275d87136",{"version":429,"is_range":386,"range_type":387,"version_start":430,"version_start_type":391,"version_end":9,"version_end_type":9,"fixed_in":9},"gte10_4_0","10.4.0",{"version":432,"is_range":386,"range_type":387,"version_start":433,"version_start_type":391,"version_end":9,"version_end_type":9,"fixed_in":9},"gte10_5_0","10.5.0",{"version":435,"is_range":386,"range_type":387,"version_start":436,"version_start_type":391,"version_end":9,"version_end_type":9,"fixed_in":9},"gte9_11_0","9.11.0",{"ecosystem":9,"name":438,"vendor":439,"product":439,"cpe_part":440,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":441},"Mattermost","mattermost","a",[442,445,446],{"version":443,"is_range":386,"range_type":54,"version_start":430,"version_start_type":391,"version_end":444,"version_end_type":391,"fixed_in":9},">= 10.4.0, \u003C= 10.4.2","10.4.2",{"version":433,"is_range":42,"range_type":54,"version_start":433,"version_start_type":391,"version_end":433,"version_end_type":391,"fixed_in":9},{"version":447,"is_range":386,"range_type":54,"version_start":436,"version_start_type":391,"version_end":448,"version_end_type":391,"fixed_in":9},">= 9.11.0, \u003C= 9.11.10","9.11.10",{"ecosystem":9,"name":450,"vendor":439,"product":451,"cpe_part":440,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":452},"mattermost server","mattermost_server",[453,457,460],{"version":454,"is_range":386,"range_type":455,"version_start":436,"version_start_type":391,"version_end":456,"version_end_type":395,"fixed_in":9},"gte9.11.0_lt9.11.11","cpe","9.11.11",{"version":458,"is_range":386,"range_type":455,"version_start":430,"version_start_type":391,"version_end":459,"version_end_type":395,"fixed_in":9},"gte10.4.0_lt10.4.3","10.4.3",{"version":461,"is_range":386,"range_type":455,"version_start":433,"version_start_type":391,"version_end":462,"version_end_type":395,"fixed_in":9},"gte10.5.0_lt10.5.1","10.5.1"]