[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-61140":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":93,"aliases":94,"duplicate_of":9,"upstream":96,"downstream":97,"duplicates":110,"related":111,"reserved_at":9,"published_at":118,"modified_at":119,"state":120,"summary":121,"references_raw":130,"kevs":166,"epss":167,"epss_history":170,"metrics":442,"affected":453},"CVE-2025-61140","The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1321","Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","weakness","Incomplete","Variant",[19,67,89],{"id":20,"name":21,"techniques":22},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[23],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.010","Services File Permissions Weakness",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,57,62],{"id":44,"name":45,"tactic":46},"D3-SWI","Software Inventory",{"name":47},"Model",{"id":49,"name":50,"tactic":51},"D3-AVE","Asset Vulnerability Enumeration",{"name":47},{"id":53,"name":54,"tactic":55},"D3-SBV","Service Binary Verification",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SU","Software Update",{"name":61},"Harden",{"id":63,"name":64,"tactic":65},"D3-RS","Restore Software",{"name":66},"Restore",{"id":68,"name":69,"techniques":70},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[71],{"id":24,"name":25,"tactics":72,"countermeasures":78},[73,74,75,76,77],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[79,81,83,85,87],{"id":44,"name":45,"tactic":80},{"name":47},{"id":49,"name":50,"tactic":82},{"name":47},{"id":53,"name":54,"tactic":84},{"name":56},{"id":58,"name":59,"tactic":86},{"name":61},{"id":63,"name":64,"tactic":88},{"name":66},{"id":90,"name":91,"techniques":92},"CAPEC-77","Manipulating User-Controlled Variables",[],[],[95],"GHSA-6c59-mwgh-r2x6",[],[98,100,102,104,106,108],{"_key":99},"OPENSUSE-SU-2026:20239-1",{"_key":101},"SUSE-SU-2026:1013-1",{"_key":103},"SUSE-SU-2026:1008-1",{"_key":105},"SUSE-SU-2026:1148-1",{"_key":107},"SUSE-SU-2026:1524-1",{"_key":109},"SUSE-SU-2026:20574-1",[],[112,113,114,115,116,117],{"_key":99},{"_key":101},{"_key":103},{"_key":105},{"_key":107},{"_key":109},"2026-01-28T00:00:00.000Z","2026-01-29T15:16:15.666Z","Analyzed",{"cisa_kev":122,"cisa_ransomware":122,"cisa_vendor":9,"epss_severity":123,"epss_score":124,"severity":125,"severity_score":126,"severity_version":127,"severity_source":128,"severity_vector":129,"severity_status":120},false,"low",0.00089,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[131,139,145,150,154,158,162],{"url":132,"sources":133,"tags":136},"https://github.com/dchester/jsonpath",[128,134,135],"nvd","osv_npm",[137,138],"PACKAGE","Product",{"url":140,"sources":141,"tags":142},"https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d",[128,134,135],[143,144],"WEB","Third Party Advisory",{"url":146,"sources":147,"tags":148},"https://nvd.nist.gov/vuln/detail/CVE-2025-61140",[135],[149],"Advisory",{"url":151,"sources":152,"tags":153},"https://github.com/dchester/jsonpath/issues/181",[135],[143],{"url":155,"sources":156,"tags":157},"https://github.com/dchester/jsonpath/issues/194",[135],[143],{"url":159,"sources":160,"tags":161},"https://github.com/dchester/jsonpath/pull/195",[135],[143],{"url":163,"sources":164,"tags":165},"https://github.com/dchester/jsonpath/commit/9631412641b7095f86840a7a45b5b3afc68b0fcb",[135],[143],[],{"date":168,"score":124,"percentile":169},"2026-06-05",0.25423,[171,175,179,182,185,188,192,195,198,201,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,271,274,277,280,283,286,289,292,295,298,301,304,307,309,312,314,317,320,323,326,329,331,334,337,340,343,346,349,352,355,358,361,364,367,370,372,376,379,382,385,388,391,394,397,400,403,406,409,412,415,418,421,424,427,430,433,436,439],{"date":172,"score":173,"percentile":174},"2026-01-29",0.00018,0.03894,{"date":176,"score":177,"percentile":178},"2026-01-30",0.00046,0.14037,{"date":180,"score":177,"percentile":181},"2026-01-31",0.14049,{"date":183,"score":177,"percentile":184},"2026-02-01",0.14064,{"date":186,"score":177,"percentile":187},"2026-02-02",0.14012,{"date":189,"score":190,"percentile":191},"2026-02-03",0.0006,0.18901,{"date":193,"score":190,"percentile":194},"2026-02-04",0.18879,{"date":196,"score":190,"percentile":197},"2026-02-05",0.18908,{"date":199,"score":190,"percentile":200},"2026-02-06",0.1893,{"date":202,"score":190,"percentile":203},"2026-02-07",0.18943,{"date":205,"score":190,"percentile":206},"2026-02-08",0.189,{"date":208,"score":190,"percentile":209},"2026-02-09",0.18856,{"date":211,"score":190,"percentile":212},"2026-02-10",0.18789,{"date":214,"score":190,"percentile":215},"2026-02-11",0.18794,{"date":217,"score":190,"percentile":218},"2026-02-12",0.18834,{"date":220,"score":190,"percentile":221},"2026-02-13",0.18831,{"date":223,"score":190,"percentile":224},"2026-02-14",0.18795,{"date":226,"score":190,"percentile":227},"2026-02-15",0.18776,{"date":229,"score":190,"percentile":230},"2026-02-16",0.18744,{"date":232,"score":190,"percentile":233},"2026-02-17",0.18727,{"date":235,"score":190,"percentile":236},"2026-02-18",0.18857,{"date":238,"score":190,"percentile":239},"2026-02-19",0.18913,{"date":241,"score":190,"percentile":242},"2026-02-20",0.18917,{"date":244,"score":190,"percentile":245},"2026-02-21",0.18948,{"date":247,"score":190,"percentile":248},"2026-02-22",0.18944,{"date":250,"score":190,"percentile":251},"2026-02-23",0.18906,{"date":253,"score":190,"percentile":254},"2026-02-24",0.18867,{"date":256,"score":190,"percentile":257},"2026-02-25",0.18835,{"date":259,"score":190,"percentile":260},"2026-02-26",0.18813,{"date":262,"score":190,"percentile":263},"2026-02-27",0.18824,{"date":265,"score":190,"percentile":266},"2026-02-28",0.18811,{"date":268,"score":269,"percentile":270},"2026-03-01",0.00066,0.20352,{"date":272,"score":269,"percentile":273},"2026-03-02",0.20305,{"date":275,"score":269,"percentile":276},"2026-03-03",0.20267,{"date":278,"score":269,"percentile":279},"2026-03-04",0.20179,{"date":281,"score":269,"percentile":282},"2026-03-05",0.20258,{"date":284,"score":269,"percentile":285},"2026-03-06",0.20257,{"date":287,"score":269,"percentile":288},"2026-03-07",0.20249,{"date":290,"score":269,"percentile":291},"2026-03-08",0.20217,{"date":293,"score":269,"percentile":294},"2026-03-09",0.20183,{"date":296,"score":269,"percentile":297},"2026-03-10",0.20165,{"date":299,"score":269,"percentile":300},"2026-03-11",0.20153,{"date":302,"score":269,"percentile":303},"2026-03-12",0.20212,{"date":305,"score":269,"percentile":306},"2026-03-13",0.20252,{"date":308,"score":269,"percentile":285},"2026-03-14",{"date":310,"score":269,"percentile":311},"2026-03-15",0.20188,{"date":313,"score":269,"percentile":297},"2026-03-16",{"date":315,"score":269,"percentile":316},"2026-03-17",0.20128,{"date":318,"score":269,"percentile":319},"2026-03-18",0.20114,{"date":321,"score":269,"percentile":322},"2026-03-19",0.20116,{"date":324,"score":269,"percentile":325},"2026-03-20",0.20163,{"date":327,"score":269,"percentile":328},"2026-03-21",0.20262,{"date":330,"score":269,"percentile":306},"2026-03-22",{"date":332,"score":269,"percentile":333},"2026-03-23",0.2022,{"date":335,"score":269,"percentile":336},"2026-03-24",0.20214,{"date":338,"score":269,"percentile":339},"2026-03-25",0.20279,{"date":341,"score":269,"percentile":342},"2026-03-26",0.20358,{"date":344,"score":269,"percentile":345},"2026-03-27",0.20378,{"date":347,"score":269,"percentile":348},"2026-03-28",0.20401,{"date":350,"score":269,"percentile":351},"2026-03-29",0.2037,{"date":353,"score":269,"percentile":354},"2026-03-30",0.20359,{"date":356,"score":269,"percentile":357},"2026-03-31",0.20367,{"date":359,"score":269,"percentile":360},"2026-04-01",0.20392,{"date":362,"score":269,"percentile":363},"2026-04-02",0.20538,{"date":365,"score":269,"percentile":366},"2026-04-03",0.20563,{"date":368,"score":269,"percentile":369},"2026-04-04",0.20597,{"date":371,"score":269,"percentile":366},"2026-04-05",{"date":373,"score":374,"percentile":375},"2026-04-06",0.00069,0.21108,{"date":377,"score":374,"percentile":378},"2026-04-07",0.21101,{"date":380,"score":374,"percentile":381},"2026-04-08",0.21181,{"date":383,"score":374,"percentile":384},"2026-04-09",0.21241,{"date":386,"score":374,"percentile":387},"2026-04-10",0.21258,{"date":389,"score":374,"percentile":390},"2026-04-11",0.21251,{"date":392,"score":374,"percentile":393},"2026-04-12",0.21209,{"date":395,"score":374,"percentile":396},"2026-04-13",0.21155,{"date":398,"score":374,"percentile":399},"2026-04-14",0.21117,{"date":401,"score":374,"percentile":402},"2026-04-15",0.21162,{"date":404,"score":374,"percentile":405},"2026-04-16",0.21148,{"date":407,"score":374,"percentile":408},"2026-04-17",0.2116,{"date":410,"score":374,"percentile":411},"2026-04-18",0.21159,{"date":413,"score":374,"percentile":414},"2026-04-19",0.21095,{"date":416,"score":374,"percentile":417},"2026-04-20",0.21067,{"date":419,"score":374,"percentile":420},"2026-04-21",0.21137,{"date":422,"score":374,"percentile":423},"2026-04-22",0.21192,{"date":425,"score":374,"percentile":426},"2026-04-23",0.21205,{"date":428,"score":374,"percentile":429},"2026-04-24",0.21011,{"date":431,"score":374,"percentile":432},"2026-04-25",0.2103,{"date":434,"score":374,"percentile":435},"2026-04-26",0.21015,{"date":437,"score":374,"percentile":438},"2026-04-27",0.21008,{"date":440,"score":374,"percentile":441},"2026-04-28",0.20975,[443,447,449],{"source":128,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":444,"cvss_v4_0":9},{"baseScore":126,"baseSeverity":445,"vectorString":129,"impactScore":126,"exploitabilityScore":446},"CRITICAL",10,{"source":134,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":448,"cvss_v4_0":9},{"baseScore":126,"baseSeverity":445,"vectorString":129,"impactScore":126,"exploitabilityScore":446},{"source":135,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":450},{"baseScore":451,"baseSeverity":9,"vectorString":452,"impactScore":9,"exploitabilityScore":9},8.7,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",[454,462],{"ecosystem":9,"name":455,"vendor":456,"product":455,"cpe_part":457,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":458},"jsonpath","dchester","a",[459],{"version":460,"is_range":122,"range_type":461,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.1.1","cpe",{"ecosystem":463,"name":455,"vendor":463,"product":455,"cpe_part":9,"purl_type":464,"purl_namespace":9,"purl_name":455,"source":9,"versions":465},"Npm","npm",[466,471],{"version":467,"is_range":468,"range_type":469,"version_start":9,"version_start_type":9,"version_end":460,"version_end_type":470,"fixed_in":9},"lte1_1_1",true,"semver","including",{"version":472,"is_range":468,"range_type":469,"version_start":9,"version_start_type":9,"version_end":473,"version_end_type":474,"fixed_in":9},"lt1_2_0","1.2.0","excluding"]