[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-47273":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":50,"duplicate_of":9,"upstream":55,"downstream":56,"duplicates":153,"related":154,"reserved_at":9,"published_at":185,"modified_at":186,"state":187,"summary":188,"references_raw":196,"kevs":245,"epss":246,"epss_history":249,"metrics":523,"affected":537},"CVE-2025-47273","setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PYPA_SETUPTOOLS","Setuptools","github","https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf","poc",0.3,false,[],[51,52,53,54],"GHSA-5rjg-fvgr-3xxf","BIT-setuptools-2025-47273","PYSEC-2025-49","ECHO-2d75-a206-3684",[],[57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,149,151],{"_key":58},"SUSE-SU-2025:01704-2",{"_key":60},"SUSE-SU-2025:01744-1",{"_key":62},"UBUNTU-CVE-2025-47273",{"_key":64},"SUSE-SU-2025:01709-1",{"_key":66},"SUSE-SU-2025:01774-1",{"_key":68},"DLA-4183-1",{"_key":70},"SUSE-SU-2025:01693-1",{"_key":72},"SUSE-SU-2025:01695-1",{"_key":74},"SUSE-SU-2025:01715-1",{"_key":76},"SUSE-SU-2025:20412-1",{"_key":78},"SUSE-SU-2025:20462-1",{"_key":80},"SUSE-SU-2025:01704-1",{"_key":82},"SUSE-SU-2025:01723-1",{"_key":84},"SUSE-SU-2025:01810-1",{"_key":86},"OPENSUSE-SU-2026:10539-1",{"_key":88},"MGASA-2025-0288",{"_key":90},"USN-8010-1",{"_key":92},"DEBIAN-CVE-2025-47273",{"_key":94},"USN-7544-1",{"_key":96},"RHSA-2025:10407",{"_key":98},"RHSA-2025:11036",{"_key":100},"RHSA-2025:11043",{"_key":102},"RHSA-2025:11044",{"_key":104},"RHSA-2025:11101",{"_key":106},"RHSA-2025:11102",{"_key":108},"RHSA-2025:11424",{"_key":110},"RHSA-2025:11425",{"_key":112},"RHSA-2025:11426",{"_key":114},"RHSA-2025:11427",{"_key":116},"RHSA-2025:11463",{"_key":118},"RHSA-2025:11464",{"_key":120},"RHSA-2025:11584",{"_key":122},"RHSA-2025:11607",{"_key":124},"RHSA-2025:11868",{"_key":126},"RHSA-2025:11984",{"_key":128},"RHSA-2025:12020",{"_key":130},"RHSA-2025:12834",{"_key":132},"RHSA-2025:13578",{"_key":134},"RHSA-2025:13668",{"_key":136},"RHSA-2025:13669",{"_key":138},"RHSA-2025:13803",{"_key":140},"RHSA-2025:13804",{"_key":142},"RHSA-2025:14686",{"_key":144},"RHSA-2025:14900",{"_key":146},"RHSA-2025:15408",{"_key":148},"RHSA-2025:15410",{"_key":150},"RHSA-2025:15411",{"_key":152},"RHSA-2025:9940",[],[155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,171,173,175,177,179,181,183],{"_key":58},{"_key":60},{"_key":64},{"_key":66},{"_key":70},{"_key":72},{"_key":74},{"_key":76},{"_key":78},{"_key":80},{"_key":82},{"_key":84},{"_key":86},{"_key":88},{"_key":170},"CGA-5C5F-R26H-284V",{"_key":172},"CGA-8V73-GV3X-WHVX",{"_key":174},"CGA-992Q-7HM3-RGC2",{"_key":176},"CGA-9PHC-5C6Q-96M2",{"_key":178},"CGA-P2X9-4WHH-95J4",{"_key":180},"CGA-VVV9-2JJ9-5QMF",{"_key":182},"CGA-XFXG-R74V-9G44",{"_key":184},"CGA-84F9-G9MV-F6HP","2025-05-17T15:46:11.399Z","2025-05-28T15:03:15.516Z","Analyzed",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":189,"epss_score":190,"severity":191,"severity_score":192,"severity_version":193,"severity_source":194,"severity_vector":195,"severity_status":187},"low",0.0012,"high",8.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[197,207,214,220,225,231,236,240],{"url":45,"sources":198,"tags":201},[199,194,200],"cve.org","osv_pypi",[202,203,204,205,206],"X Refsource CONFIRM","Exploit","Vendor Advisory","WEB","EVIDENCE",{"url":208,"sources":209,"tags":210},"https://github.com/pypa/setuptools/issues/4946",[199,194,200],[211,203,212,205,213],"X Refsource MISC","Issue Tracking","REPORT",{"url":215,"sources":216,"tags":217},"https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b",[199,194,200],[211,218,205,219],"Patch","FIX",{"url":221,"sources":222,"tags":223},"https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88",[199,194,200],[211,224,205],"Product",{"url":226,"sources":227,"tags":228},"https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html",[199,194,200],[229,205,230],"Mailing List","ARTICLE",{"url":232,"sources":233,"tags":234},"https://nvd.nist.gov/vuln/detail/CVE-2025-47273",[200],[235],"Advisory",{"url":237,"sources":238,"tags":239},"https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml",[200],[205],{"url":241,"sources":242,"tags":243},"https://github.com/pypa/setuptools",[200],[244],"PACKAGE",[],{"date":247,"score":190,"percentile":248},"2026-06-04",0.30533,[250,254,257,260,262,265,268,271,274,276,279,282,285,288,291,294,297,300,303,307,310,313,316,319,322,325,328,331,334,337,339,342,345,348,351,353,356,359,362,365,368,371,374,377,380,384,387,390,394,397,400,403,406,409,413,416,419,422,425,428,431,434,437,440,443,446,449,452,455,458,461,464,467,470,473,475,479,482,486,489,492,495,498,501,504,507,510,513,516,520],{"date":251,"score":252,"percentile":253},"2025-11-04",0.0009,0.26237,{"date":255,"score":252,"percentile":256},"2025-11-05",0.26209,{"date":258,"score":252,"percentile":259},"2025-11-06",0.26214,{"date":261,"score":252,"percentile":259},"2025-11-07",{"date":263,"score":252,"percentile":264},"2025-11-08",0.26211,{"date":266,"score":252,"percentile":267},"2025-11-09",0.26159,{"date":269,"score":252,"percentile":270},"2025-11-10",0.26122,{"date":272,"score":252,"percentile":273},"2025-11-11",0.26133,{"date":275,"score":252,"percentile":267},"2025-11-12",{"date":277,"score":252,"percentile":278},"2025-11-13",0.26162,{"date":280,"score":252,"percentile":281},"2025-11-14",0.26157,{"date":283,"score":252,"percentile":284},"2025-11-15",0.26149,{"date":286,"score":252,"percentile":287},"2025-11-16",0.26106,{"date":289,"score":252,"percentile":290},"2025-11-17",0.26067,{"date":292,"score":252,"percentile":293},"2025-11-18",0.21588,{"date":295,"score":252,"percentile":296},"2025-11-19",0.216,{"date":298,"score":252,"percentile":299},"2025-11-20",0.21579,{"date":301,"score":252,"percentile":302},"2025-11-21",0.25993,{"date":304,"score":305,"percentile":306},"2025-11-22",0.00099,0.28288,{"date":308,"score":305,"percentile":309},"2025-11-23",0.28256,{"date":311,"score":252,"percentile":312},"2025-11-24",0.25923,{"date":314,"score":252,"percentile":315},"2025-11-25",0.25912,{"date":317,"score":252,"percentile":318},"2025-11-26",0.25903,{"date":320,"score":252,"percentile":321},"2025-11-27",0.25901,{"date":323,"score":252,"percentile":324},"2025-11-28",0.25871,{"date":326,"score":252,"percentile":327},"2025-11-29",0.25861,{"date":329,"score":252,"percentile":330},"2025-11-30",0.25831,{"date":332,"score":252,"percentile":333},"2025-12-01",0.25865,{"date":335,"score":252,"percentile":336},"2025-12-02",0.25892,{"date":338,"score":252,"percentile":321},"2025-12-03",{"date":340,"score":252,"percentile":341},"2025-12-04",0.25834,{"date":343,"score":252,"percentile":344},"2025-12-05",0.25888,{"date":346,"score":252,"percentile":347},"2025-12-06",0.25894,{"date":349,"score":252,"percentile":350},"2025-12-07",0.25862,{"date":352,"score":252,"percentile":350},"2025-12-08",{"date":354,"score":252,"percentile":355},"2025-12-09",0.2591,{"date":357,"score":252,"percentile":358},"2025-12-10",0.25979,{"date":360,"score":305,"percentile":361},"2025-12-11",0.28296,{"date":363,"score":305,"percentile":364},"2025-12-12",0.2831,{"date":366,"score":305,"percentile":367},"2025-12-13",0.28307,{"date":369,"score":305,"percentile":370},"2025-12-14",0.28274,{"date":372,"score":305,"percentile":373},"2025-12-15",0.2824,{"date":375,"score":305,"percentile":376},"2025-12-16",0.28253,{"date":378,"score":305,"percentile":379},"2025-12-17",0.28313,{"date":381,"score":382,"percentile":383},"2025-12-18",0.00109,0.30119,{"date":385,"score":305,"percentile":386},"2025-12-19",0.28376,{"date":388,"score":305,"percentile":389},"2025-12-20",0.2834,{"date":391,"score":392,"percentile":393},"2025-12-21",0.00135,0.3405,{"date":395,"score":392,"percentile":396},"2025-12-22",0.34021,{"date":398,"score":392,"percentile":399},"2025-12-23",0.34018,{"date":401,"score":392,"percentile":402},"2025-12-24",0.34013,{"date":404,"score":392,"percentile":405},"2025-12-25",0.34078,{"date":407,"score":392,"percentile":408},"2025-12-26",0.34058,{"date":410,"score":411,"percentile":412},"2025-12-27",0.00157,0.37219,{"date":414,"score":392,"percentile":415},"2025-12-28",0.33971,{"date":417,"score":392,"percentile":418},"2025-12-29",0.33939,{"date":420,"score":392,"percentile":421},"2025-12-30",0.33931,{"date":423,"score":392,"percentile":424},"2025-12-31",0.33983,{"date":426,"score":392,"percentile":427},"2026-01-01",0.34137,{"date":429,"score":392,"percentile":430},"2026-01-02",0.34127,{"date":432,"score":392,"percentile":433},"2026-01-03",0.34113,{"date":435,"score":392,"percentile":436},"2026-01-04",0.33964,{"date":438,"score":392,"percentile":439},"2026-01-05",0.33945,{"date":441,"score":392,"percentile":442},"2026-01-06",0.33956,{"date":444,"score":392,"percentile":445},"2026-01-07",0.33974,{"date":447,"score":392,"percentile":448},"2026-01-08",0.34,{"date":450,"score":392,"percentile":451},"2026-01-09",0.33997,{"date":453,"score":392,"percentile":454},"2026-01-10",0.33998,{"date":456,"score":392,"percentile":457},"2026-01-11",0.33975,{"date":459,"score":392,"percentile":460},"2026-01-12",0.33907,{"date":462,"score":392,"percentile":463},"2026-01-13",0.33894,{"date":465,"score":392,"percentile":466},"2026-01-14",0.33933,{"date":468,"score":392,"percentile":469},"2026-01-15",0.33926,{"date":471,"score":392,"percentile":472},"2026-01-16",0.33948,{"date":474,"score":392,"percentile":421},"2026-01-17",{"date":476,"score":477,"percentile":478},"2026-01-18",0.0015,0.35934,{"date":480,"score":392,"percentile":481},"2026-01-19",0.33834,{"date":483,"score":484,"percentile":485},"2026-01-20",0.00148,0.35709,{"date":487,"score":484,"percentile":488},"2026-01-21",0.35691,{"date":490,"score":484,"percentile":491},"2026-01-22",0.35676,{"date":493,"score":484,"percentile":494},"2026-01-23",0.35734,{"date":496,"score":484,"percentile":497},"2026-01-24",0.35743,{"date":499,"score":484,"percentile":500},"2026-01-25",0.35689,{"date":502,"score":484,"percentile":503},"2026-01-26",0.3562,{"date":505,"score":484,"percentile":506},"2026-01-27",0.35615,{"date":508,"score":484,"percentile":509},"2026-01-28",0.35594,{"date":511,"score":484,"percentile":512},"2026-01-29",0.35565,{"date":514,"score":484,"percentile":515},"2026-01-30",0.3556,{"date":517,"score":518,"percentile":519},"2026-01-31",0.0018,0.39744,{"date":521,"score":518,"percentile":522},"2026-02-01",0.39847,[524,529,535],{"source":199,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":525},{"baseScore":526,"baseSeverity":527,"vectorString":528,"impactScore":9,"exploitabilityScore":9},7.7,"HIGH","CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",{"source":194,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":530,"cvss_v4_0":533},{"baseScore":192,"baseSeverity":527,"vectorString":195,"impactScore":531,"exploitabilityScore":532},9.8,7.2,{"baseScore":526,"baseSeverity":527,"vectorString":534,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":200,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":536,"cvss_v4_0":9},{"baseScore":192,"baseSeverity":9,"vectorString":195,"impactScore":531,"exploitabilityScore":532},[538,547,557,567],{"ecosystem":9,"name":539,"vendor":540,"product":541,"cpe_part":542,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":543},"debian linux","debian","debian_linux","o",[544],{"version":545,"is_range":48,"range_type":546,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0","cpe",{"ecosystem":9,"name":548,"vendor":549,"product":548,"cpe_part":550,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":551},"setuptools","pypa","a",[552],{"version":553,"is_range":554,"range_type":199,"version_start":9,"version_start_type":9,"version_end":555,"version_end_type":556,"fixed_in":9},"\u003C 78.1.1",true,"78.1.1","excluding",{"ecosystem":558,"name":548,"vendor":558,"product":548,"cpe_part":9,"purl_type":559,"purl_namespace":9,"purl_name":548,"source":9,"versions":560},"PyPI","pypi",[561,564],{"version":562,"is_range":554,"range_type":563,"version_start":9,"version_start_type":9,"version_end":555,"version_end_type":556,"fixed_in":9},"lt78_1_1","ecosystem",{"version":565,"is_range":554,"range_type":563,"version_start":9,"version_start_type":9,"version_end":566,"version_end_type":556,"fixed_in":9},"lt250a6d17978f9f6ac3ac887091f2d32886fbbb0b","250a6d17978f9f6ac3ac887091f2d32886fbbb0b",{"ecosystem":9,"name":548,"vendor":568,"product":548,"cpe_part":550,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":569},"python",[570],{"version":571,"is_range":554,"range_type":546,"version_start":9,"version_start_type":9,"version_end":555,"version_end_type":556,"fixed_in":9},"lt78.1.1"]