[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-4949":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":30,"aliases":40,"duplicate_of":9,"upstream":42,"downstream":43,"duplicates":68,"related":69,"reserved_at":9,"published_at":82,"modified_at":83,"state":84,"summary":85,"references_raw":93,"kevs":142,"epss":143,"epss_history":146,"metrics":426,"affected":441},"CVE-2025-4949","In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol, which allows storing git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.",null,[11,23],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-611","Improper Restriction of XML External Entity Reference","The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-221","Data Serialization External Entities Blowup",[],{"_key":24,"id":24,"name":25,"description":26,"type":15,"status":27,"abstraction":28,"likelihood_of_exploit":9,"capec":29},"CWE-827","Improper Control of Document Type Definition","The product does not restrict a reference to a Document Type Definition (DTD) to the intended control sphere. 
This might allow attackers to reference arbitrary DTDs, possibly causing the product to expose files, consume excessive system resources, or execute arbitrary http requests on behalf of the attacker.","Incomplete","Variant",[],[31],{"_key":32,"name":33,"source":34,"url":35,"maturity":36,"reliability_score":37,"verified":38,"type":9,"platforms":39,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_3B20D9F5EEB4B162","Exploit Reference (gitlab.eclipse.org)","reference","https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281","unknown",0.2,false,[],[41],"GHSA-vrpq-qp53-qv56",[],[44,46,48,50,52,54,56,58,60,62,64,66],{"_key":45},"SUSE-SU-2025:02762-1",{"_key":47},"OPENSUSE-SU-2025:15232-1",{"_key":49},"DEBIAN-CVE-2025-4949",{"_key":51},"RHSA-2025:22187",{"_key":53},"RHSA-2025:22188",{"_key":55},"RHSA-2025:22773",{"_key":57},"RHSA-2025:22775",{"_key":59},"UBUNTU-CVE-2025-4949",{"_key":61},"RHSA-2026:6011",{"_key":63},"RHSA-2026:4915",{"_key":65},"RHSA-2026:4916",{"_key":67},"RHSA-2026:4917",[],[70,71,72,74,76,78,80],{"_key":45},{"_key":47},{"_key":73},"CGA-2H3Q-7R7P-CMJC",{"_key":75},"CGA-693F-M3W9-2FG3",{"_key":77},"CGA-H9P7-2RVV-2CW5",{"_key":79},"CGA-X238-2V8W-3J6M",{"_key":81},"CGA-H322-H2GW-X554","2025-05-21T06:47:19.777Z","2025-10-14T06:30:04.660Z","Analyzed",{"cisa_kev":38,"cisa_ransomware":38,"cisa_vendor":9,"epss_severity":86,"epss_score":87,"severity":88,"severity_score":89,"severity_version":90,"severity_source":91,"severity_vector":92,"severity_status":84},"low",0.00197,"medium",6.8,"v4.0","cve.org","CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",[94,102,106,110,114,119,124,128,133,138],{"url":95,"sources":96,"tags":99},"https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",[91,97,98],"nvd","osv_maven",[100,101],"Release 
Notes","WEB",{"url":103,"sources":104,"tags":105},"https://projects.eclipse.org/projects/technology.jgit/releases/7.1.1",[91,97,98],[100,101],{"url":107,"sources":108,"tags":109},"https://projects.eclipse.org/projects/technology.jgit/releases/7.0.1",[91,97,98],[100,101],{"url":111,"sources":112,"tags":113},"https://projects.eclipse.org/projects/technology.jgit/releases/6.10.1",[91,97,98],[100,101],{"url":35,"sources":115,"tags":116},[91,97,98],[117,118,101],"Issue Tracking","Exploit",{"url":120,"sources":121,"tags":122},"https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",[91,97,98],[117,123,101],"Vendor Advisory",{"url":125,"sources":126,"tags":127},"https://projects.eclipse.org/projects/technology.jgit/releases/5.13.4",[91,97,98],[100,101],{"url":129,"sources":130,"tags":131},"https://nvd.nist.gov/vuln/detail/CVE-2025-4949",[98],[132],"Advisory",{"url":134,"sources":135,"tags":136},"https://github.com/eclipse-jgit/jgit",[98],[137],"PACKAGE",{"url":139,"sources":140,"tags":141},"https://projects.eclipse.org/projects/technology.jgit/releases/5.13.5",[98],[101],[],{"date":144,"score":87,"percentile":145},"2026-06-04",0.41501,[147,151,154,157,160,163,166,169,172,175,178,181,184,187,190,194,197,200,203,206,209,212,215,218,222,226,229,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,279,282,285,288,291,294,297,300,303,306,310,313,316,319,322,325,328,332,335,338,341,344,348,351,354,357,360,363,366,369,372,375,378,380,383,386,389,392,395,398,402,405,408,411,414,417,420,423],{"date":148,"score":149,"percentile":150},"2025-11-04",0.00051,0.15664,{"date":152,"score":149,"percentile":153},"2025-11-05",0.15692,{"date":155,"score":149,"percentile":156},"2025-11-06",0.15787,{"date":158,"score":149,"percentile":159},"2025-11-07",0.15809,{"date":161,"score":149,"percentile":162},"2025-11-08",0.15819,{"date":164,"score":149,"percentile":165},"2025-11-09",0.15792,{"date":167,"score":149,"percentile":168},"2025-11-10",0.15745,{"date":170,"score":149,"percentil
e":171},"2025-11-11",0.15768,{"date":173,"score":149,"percentile":174},"2025-11-12",0.15812,{"date":176,"score":149,"percentile":177},"2025-11-13",0.15845,{"date":179,"score":149,"percentile":180},"2025-11-14",0.15847,{"date":182,"score":149,"percentile":183},"2025-11-15",0.15805,{"date":185,"score":149,"percentile":186},"2025-11-16",0.15775,{"date":188,"score":149,"percentile":189},"2025-11-17",0.15726,{"date":191,"score":192,"percentile":193},"2025-11-18",0.00226,0.41366,{"date":195,"score":192,"percentile":196},"2025-11-19",0.41382,{"date":198,"score":192,"percentile":199},"2025-11-20",0.41392,{"date":201,"score":149,"percentile":202},"2025-11-21",0.15754,{"date":204,"score":149,"percentile":205},"2025-11-22",0.15757,{"date":207,"score":149,"percentile":208},"2025-11-23",0.15739,{"date":210,"score":149,"percentile":211},"2025-11-24",0.15698,{"date":213,"score":149,"percentile":214},"2025-11-25",0.15695,{"date":216,"score":149,"percentile":217},"2025-11-26",0.15683,{"date":219,"score":220,"percentile":221},"2025-11-27",0.00055,0.17104,{"date":223,"score":224,"percentile":225},"2025-11-28",0.00066,0.20306,{"date":227,"score":224,"percentile":228},"2025-11-29",0.20292,{"date":230,"score":231,"percentile":232},"2025-11-30",0.00061,0.18821,{"date":234,"score":149,"percentile":235},"2025-12-01",0.15694,{"date":237,"score":149,"percentile":238},"2025-12-02",0.15703,{"date":240,"score":149,"percentile":241},"2025-12-03",0.15727,{"date":243,"score":231,"percentile":244},"2025-12-04",0.18849,{"date":246,"score":231,"percentile":247},"2025-12-05",0.18901,{"date":249,"score":231,"percentile":250},"2025-12-06",0.18902,{"date":252,"score":231,"percentile":253},"2025-12-07",0.18889,{"date":255,"score":231,"percentile":256},"2025-12-08",0.18907,{"date":258,"score":231,"percentile":259},"2025-12-09",0.18974,{"date":261,"score":231,"percentile":262},"2025-12-10",0.19052,{"date":264,"score":231,"percentile":265},"2025-12-11",0.19093,{"date":267,"score":231,"percentile":268},"2025-1
2-12",0.19124,{"date":270,"score":231,"percentile":271},"2025-12-13",0.19138,{"date":273,"score":231,"percentile":274},"2025-12-14",0.19089,{"date":276,"score":277,"percentile":278},"2025-12-15",0.00081,0.24278,{"date":280,"score":277,"percentile":281},"2025-12-16",0.24301,{"date":283,"score":277,"percentile":284},"2025-12-17",0.24377,{"date":286,"score":277,"percentile":287},"2025-12-18",0.24441,{"date":289,"score":277,"percentile":290},"2025-12-19",0.24459,{"date":292,"score":277,"percentile":293},"2025-12-20",0.24426,{"date":295,"score":277,"percentile":296},"2025-12-21",0.24373,{"date":298,"score":277,"percentile":299},"2025-12-22",0.24331,{"date":301,"score":277,"percentile":302},"2025-12-23",0.24307,{"date":304,"score":277,"percentile":305},"2025-12-24",0.24321,{"date":307,"score":308,"percentile":309},"2025-12-25",0.00077,0.23574,{"date":311,"score":308,"percentile":312},"2025-12-26",0.23558,{"date":314,"score":308,"percentile":315},"2025-12-27",0.2356,{"date":317,"score":308,"percentile":318},"2025-12-28",0.23476,{"date":320,"score":308,"percentile":321},"2025-12-29",0.23448,{"date":323,"score":308,"percentile":324},"2025-12-30",0.23428,{"date":326,"score":308,"percentile":327},"2025-12-31",0.23485,{"date":329,"score":330,"percentile":331},"2026-01-01",0.00056,0.17767,{"date":333,"score":330,"percentile":334},"2026-01-02",0.17754,{"date":336,"score":330,"percentile":337},"2026-01-03",0.17733,{"date":339,"score":308,"percentile":340},"2026-01-04",0.23474,{"date":342,"score":308,"percentile":343},"2026-01-05",0.23451,{"date":345,"score":346,"percentile":347},"2026-01-06",0.00075,0.22928,{"date":349,"score":346,"percentile":350},"2026-01-07",0.22965,{"date":352,"score":346,"percentile":353},"2026-01-08",0.23019,{"date":355,"score":346,"percentile":356},"2026-01-09",0.23011,{"date":358,"score":346,"percentile":359},"2026-01-10",0.22996,{"date":361,"score":346,"percentile":362},"2026-01-11",0.22964,{"date":364,"score":346,"percentile":365},"2026-01-12",0.22931,{"
date":367,"score":346,"percentile":368},"2026-01-13",0.22908,{"date":370,"score":346,"percentile":371},"2026-01-14",0.22968,{"date":373,"score":346,"percentile":374},"2026-01-15",0.22963,{"date":376,"score":346,"percentile":377},"2026-01-16",0.22994,{"date":379,"score":346,"percentile":377},"2026-01-17",{"date":381,"score":346,"percentile":382},"2026-01-18",0.22939,{"date":384,"score":346,"percentile":385},"2026-01-19",0.22895,{"date":387,"score":346,"percentile":388},"2026-01-20",0.22865,{"date":390,"score":346,"percentile":391},"2026-01-21",0.22826,{"date":393,"score":346,"percentile":394},"2026-01-22",0.22806,{"date":396,"score":346,"percentile":397},"2026-01-23",0.22894,{"date":399,"score":400,"percentile":401},"2026-01-24",0.00082,0.24479,{"date":403,"score":400,"percentile":404},"2026-01-25",0.24398,{"date":406,"score":400,"percentile":407},"2026-01-26",0.24299,{"date":409,"score":400,"percentile":410},"2026-01-27",0.24293,{"date":412,"score":400,"percentile":413},"2026-01-28",0.24287,{"date":415,"score":400,"percentile":416},"2026-01-29",0.24242,{"date":418,"score":400,"percentile":419},"2026-01-30",0.24227,{"date":421,"score":400,"percentile":422},"2026-01-31",0.24222,{"date":424,"score":330,"percentile":425},"2026-02-01",0.17502,[427,430,438],{"source":91,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":428},{"baseScore":89,"baseSeverity":429,"vectorString":92,"impactScore":9,"exploitabilityScore":9},"MEDIUM",{"source":97,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":431,"cvss_v4_0":436},{"baseScore":432,"baseSeverity":429,"vectorString":433,"impactScore":434,"exploitabilityScore":435},5.3,"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",6,4.1,{"baseScore":89,"baseSeverity":429,"vectorString":437,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Green",{"source":98,"cvss_v2_0":9,"cvss_v3_0":9,"cvss
_v3_1":9,"cvss_v4_0":439},{"baseScore":89,"baseSeverity":9,"vectorString":440,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",[442,469,489],{"ecosystem":9,"name":443,"vendor":444,"product":444,"cpe_part":445,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":446},"Eclipse JGit","eclipse jgit","a",[447,454,458,462,465],{"version":448,"is_range":449,"range_type":91,"version_start":450,"version_start_type":451,"version_end":452,"version_end_type":453,"fixed_in":9},">= 7.2.0, \u003C 7.2.1.202505142326-r",true,"7.2.0","including","7.2.1.202505142326-r","excluding",{"version":455,"is_range":449,"range_type":91,"version_start":456,"version_start_type":451,"version_end":457,"version_end_type":453,"fixed_in":9},">= 7.1.0, \u003C 7.1.1.202505221757-r","7.1.0","7.1.1.202505221757-r",{"version":459,"is_range":449,"range_type":91,"version_start":460,"version_start_type":451,"version_end":461,"version_end_type":453,"fixed_in":9},">= 7.0.0, \u003C 7.0.1.202505221510-r","7.0.0","7.0.1.202505221510-r",{"version":463,"is_range":449,"range_type":91,"version_start":9,"version_start_type":9,"version_end":464,"version_end_type":453,"fixed_in":9},"\u003C 5.13.4.202507202350-r","5.13.4.202507202350-r",{"version":466,"is_range":449,"range_type":91,"version_start":467,"version_start_type":451,"version_end":468,"version_end_type":453,"fixed_in":9},">= 6.0.0, \u003C 
6.10.1.202505221210-r","6.0.0","6.10.1.202505221210-r",{"ecosystem":9,"name":470,"vendor":471,"product":470,"cpe_part":445,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":472},"jgit","eclipse",[473,477,480,483,486],{"version":474,"is_range":449,"range_type":475,"version_start":9,"version_start_type":9,"version_end":476,"version_end_type":453,"fixed_in":9},"lt5.13.4","cpe","5.13.4",{"version":478,"is_range":449,"range_type":475,"version_start":467,"version_start_type":451,"version_end":479,"version_end_type":453,"fixed_in":9},"gte6.0.0_lt6.10.1.202505221210","6.10.1.202505221210",{"version":481,"is_range":449,"range_type":475,"version_start":460,"version_start_type":451,"version_end":482,"version_end_type":453,"fixed_in":9},"gte7.0.0_lt7.0.1.202505221510","7.0.1.202505221510",{"version":484,"is_range":449,"range_type":475,"version_start":456,"version_start_type":451,"version_end":485,"version_end_type":453,"fixed_in":9},"gte7.1.0_lt7.1.1.202505221757","7.1.1.202505221757",{"version":487,"is_range":449,"range_type":475,"version_start":450,"version_start_type":451,"version_end":488,"version_end_type":453,"fixed_in":9},"gte7.2.0_lt7.2.1.202505142326","7.2.1.202505142326",{"ecosystem":490,"name":491,"vendor":492,"product":492,"cpe_part":9,"purl_type":493,"purl_namespace":492,"purl_name":492,"source":9,"versions":494},"Maven","org.eclipse.jgit:org.eclipse.jgit","org.eclipse.jgit","maven",[495,499,502,505,508,512],{"version":496,"is_range":449,"range_type":497,"version_start":498,"version_start_type":451,"version_end":452,"version_end_type":453,"fixed_in":9},"gte7_2_0_202503040940_r_lt7_2_1_202505142326_r","ecosystem","7.2.0.202503040940-r",{"version":500,"is_range":449,"range_type":497,"version_start":501,"version_start_type":451,"version_end":457,"version_end_type":453,"fixed_in":9},"gte7_1_0_202411261347_r_lt7_1_1_202505221757_r","7.1.0.202411261347-r",{"version":503,"is_range":449,"range_type":497,"version_start":504,"version_start_type":451,"versi
on_end":461,"version_end_type":453,"fixed_in":9},"gte7_0_0_202409031743_r_lt7_0_1_202505221510_r","7.0.0.202409031743-r",{"version":506,"is_range":449,"range_type":497,"version_start":507,"version_start_type":451,"version_end":468,"version_end_type":453,"fixed_in":9},"gte6_1_0_202203080745_r_lt6_10_1_202505221210_r","6.1.0.202203080745-r",{"version":509,"is_range":449,"range_type":497,"version_start":510,"version_start_type":451,"version_end":511,"version_end_type":453,"fixed_in":9},"gte6_0_0_202110060947_m1_lt6_0_0_202111291000_r","6.0.0.202110060947-m1","6.0.0.202111291000-r",{"version":513,"is_range":449,"range_type":497,"version_start":9,"version_start_type":9,"version_end":464,"version_end_type":453,"fixed_in":9},"lt5_13_4_202507202350_r"]