[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-61731":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":19,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":94,"related":95,"reserved_at":9,"published_at":131,"modified_at":132,"state":133,"summary":134,"references_raw":143,"kevs":170,"epss":171,"epss_history":174,"metrics":428,"affected":436},"CVE-2025-61731","Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The \"#cgo pkg-config:\" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a \"--log-file\" argument to this directive, causing pkg-config to write to an attacker-controlled location.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[20,21],"GO-2026-4339","BIT-golang-2025-61731",[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92],{"_key":25},"SUSE-SU-2026:0297-1",{"_key":27},"SUSE-SU-2026:0298-1",{"_key":29},"SUSE-SU-2026:0308-1",{"_key":31},"SUSE-SU-2026:0296-1",{"_key":33},"SUSE-SU-2026:20122-1",{"_key":35},"SUSE-SU-2026:20132-1",{"_key":37},"SUSE-SU-2026:20623-1",{"_key":39},"SUSE-SU-2026:20629-1",{"_key":41},"SUSE-SU-2026:0218-1",{"_key":43},"SUSE-SU-2026:0219-1",{"_key":45},"SUSE-SU-2026:0354-1",{"_key":47},"OPENSUSE-SU-2026:10063-1",{"_key":49},"OPENSUSE-SU-2026:10064-1",{"_key":51},"OPENSUSE-SU-2026:20077-1",{"_key":53},"OPENSUSE-SU-2026:20085-1",{"_key":55},"OPENSUSE-SU-2026:20301-1",{"_key":57},"OPENSUSE-SU-2026:20308-1",{"_key":59},"MGASA-2026-0035",{"_key":61},"OPENSUSE-SU-2026:20619-1",{"_key":63},"DEBIAN-CVE-2025-61731",{"_key":65},"UBUNTU-CVE-2025-61731",{"_key":67},"RHSA-2026:5941",{"_key":69},"RHSA-2026:5942",{"_key":71},"RHSA-2026:5943",{"_key":73},"RHSA-2026:5944",{"_key":75},"RHSA-2026:6949",{"_key":77},"RHSA-2026:7291",{"_key":79},"RHSA-2026:7385",{"_key":81},"RHSA-2026:7833",{"_key":83},"RHSA-2026:7834",{"_key":85},"RHSA-2026:7876",{"_key":87},"RHSA-2026:7877",{"_key":89},"RHSA-2026:7878",{"_key":91},"RHSA-2026:7879",{"_key":93},"RHSA-2026:7883",[],[96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":130},"CGA-QF8R-R99J-68MJ","2026-01-28T19:30:30.844Z","2026-02-26T15:04:45.375Z","Analyzed",{"cisa_kev":135,"cisa_ransomware":135,"cisa_vendor":9,"epss_severity":136,"epss_score":137,"severity":138,"severity_score":139,"severity_version":140,"severity_source":141,"severity_vector":142,"severity_status":133},false,"low",0.00012,"high",7.8,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[144,152,158,165],{"url":145,"sources":146,"tags":149},"https://go.dev/cl/736711",[141,147,148],"nvd","osv_go",[150,151],"FIX","Patch",{"url":153,"sources":154,"tags":155},"https://go.dev/issue/77100",[141,147,148],[156,157],"REPORT","Issue Tracking",{"url":159,"sources":160,"tags":161},"https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",[141,147,148],[162,163,164],"WEB","Release Notes","Mailing List",{"url":166,"sources":167,"tags":168},"https://pkg.go.dev/vuln/GO-2026-4339",[141,147],[169],"Vendor Advisory",[],{"date":172,"score":137,"percentile":173},"2026-06-05",0.01836,[175,179,183,186,189,192,195,198,201,204,208,211,214,217,220,223,226,228,230,233,236,239,241,244,247,250,253,256,259,261,264,266,270,273,276,279,282,285,288,290,293,296,299,302,305,308,311,314,317,319,322,324,327,330,333,336,339,342,345,348,350,353,356,358,361,363,366,368,370,373,375,377,379,382,385,388,391,393,396,399,401,403,406,409,412,415,418,420,423,426],{"date":176,"score":177,"percentile":178},"2026-01-29",0.00011,0.01134,{"date":180,"score":181,"percentile":182},"2026-01-30",0.0001,0.00804,{"date":184,"score":181,"percentile":185},"2026-01-31",0.0081,{"date":187,"score":181,"percentile":188},"2026-02-01",0.00815,{"date":190,"score":181,"percentile":191},"2026-02-02",0.00817,{"date":193,"score":177,"percentile":194},"2026-02-03",0.01044,{"date":196,"score":177,"percentile":197},"2026-02-04",0.01052,{"date":199,"score":177,"percentile":200},"2026-02-05",0.01056,{"date":202,"score":177,"percentile":203},"2026-02-06",0.01071,{"date":205,"score":206,"percentile":207},"2026-02-07",0.00008,0.00534,{"date":209,"score":206,"percentile":210},"2026-02-08",0.00533,{"date":212,"score":206,"percentile":213},"2026-02-09",0.00529,{"date":215,"score":206,"percentile":216},"2026-02-10",0.00531,{"date":218,"score":206,"percentile":219},"2026-02-11",0.00542,{"date":221,"score":206,"percentile":222},"2026-02-12",0.00545,{"date":224,"score":206,"percentile":225},"2026-02-13",0.00543,{"date":227,"score":206,"percentile":225},"2026-02-14",{"date":229,"score":206,"percentile":225},"2026-02-15",{"date":231,"score":206,"percentile":232},"2026-02-16",0.00541,{"date":234,"score":206,"percentile":235},"2026-02-17",0.00537,{"date":237,"score":206,"percentile":238},"2026-02-18",0.00601,{"date":240,"score":206,"percentile":238},"2026-02-19",{"date":242,"score":206,"percentile":243},"2026-02-20",0.00607,{"date":245,"score":206,"percentile":246},"2026-02-21",0.00606,{"date":248,"score":206,"percentile":249},"2026-02-22",0.00605,{"date":251,"score":206,"percentile":252},"2026-02-23",0.006,{"date":254,"score":206,"percentile":255},"2026-02-24",0.00597,{"date":257,"score":206,"percentile":258},"2026-02-25",0.00599,{"date":260,"score":206,"percentile":238},"2026-02-26",{"date":262,"score":206,"percentile":263},"2026-02-27",0.00604,{"date":265,"score":206,"percentile":243},"2026-02-28",{"date":267,"score":268,"percentile":269},"2026-03-01",0.00009,0.00756,{"date":271,"score":268,"percentile":272},"2026-03-02",0.00752,{"date":274,"score":268,"percentile":275},"2026-03-03",0.00764,{"date":277,"score":181,"percentile":278},"2026-03-04",0.01092,{"date":280,"score":181,"percentile":281},"2026-03-05",0.01104,{"date":283,"score":181,"percentile":284},"2026-03-06",0.01106,{"date":286,"score":181,"percentile":287},"2026-03-07",0.01101,{"date":289,"score":181,"percentile":281},"2026-03-08",{"date":291,"score":181,"percentile":292},"2026-03-09",0.01105,{"date":294,"score":181,"percentile":295},"2026-03-10",0.011,{"date":297,"score":181,"percentile":298},"2026-03-11",0.01091,{"date":300,"score":181,"percentile":301},"2026-03-12",0.01096,{"date":303,"score":181,"percentile":304},"2026-03-13",0.01094,{"date":306,"score":181,"percentile":307},"2026-03-14",0.01084,{"date":309,"score":181,"percentile":310},"2026-03-15",0.0108,{"date":312,"score":181,"percentile":313},"2026-03-16",0.01077,{"date":315,"score":181,"percentile":316},"2026-03-17",0.0107,{"date":318,"score":181,"percentile":316},"2026-03-18",{"date":320,"score":181,"percentile":321},"2026-03-19",0.01066,{"date":323,"score":181,"percentile":321},"2026-03-20",{"date":325,"score":181,"percentile":326},"2026-03-21",0.01153,{"date":328,"score":181,"percentile":329},"2026-03-22",0.01145,{"date":331,"score":181,"percentile":332},"2026-03-23",0.01143,{"date":334,"score":181,"percentile":335},"2026-03-24",0.01137,{"date":337,"score":181,"percentile":338},"2026-03-25",0.01141,{"date":340,"score":181,"percentile":341},"2026-03-26",0.01144,{"date":343,"score":181,"percentile":344},"2026-03-27",0.01148,{"date":346,"score":268,"percentile":347},"2026-03-28",0.00861,{"date":349,"score":268,"percentile":347},"2026-03-29",{"date":351,"score":268,"percentile":352},"2026-03-30",0.00853,{"date":354,"score":268,"percentile":355},"2026-03-31",0.00849,{"date":357,"score":268,"percentile":355},"2026-04-01",{"date":359,"score":268,"percentile":360},"2026-04-02",0.00855,{"date":362,"score":268,"percentile":360},"2026-04-03",{"date":364,"score":268,"percentile":365},"2026-04-04",0.00856,{"date":367,"score":268,"percentile":360},"2026-04-05",{"date":369,"score":181,"percentile":335},"2026-04-06",{"date":371,"score":181,"percentile":372},"2026-04-07",0.01138,{"date":374,"score":181,"percentile":341},"2026-04-08",{"date":376,"score":181,"percentile":329},"2026-04-09",{"date":378,"score":181,"percentile":332},"2026-04-10",{"date":380,"score":181,"percentile":381},"2026-04-11",0.01129,{"date":383,"score":181,"percentile":384},"2026-04-12",0.01124,{"date":386,"score":181,"percentile":387},"2026-04-13",0.01126,{"date":389,"score":181,"percentile":390},"2026-04-14",0.01107,{"date":392,"score":181,"percentile":390},"2026-04-15",{"date":394,"score":181,"percentile":395},"2026-04-16",0.01116,{"date":397,"score":181,"percentile":398},"2026-04-17",0.01122,{"date":400,"score":181,"percentile":381},"2026-04-18",{"date":402,"score":181,"percentile":387},"2026-04-19",{"date":404,"score":181,"percentile":405},"2026-04-20",0.01123,{"date":407,"score":181,"percentile":408},"2026-04-21",0.01241,{"date":410,"score":181,"percentile":411},"2026-04-22",0.01243,{"date":413,"score":181,"percentile":414},"2026-04-23",0.01249,{"date":416,"score":181,"percentile":417},"2026-04-24",0.01245,{"date":419,"score":181,"percentile":417},"2026-04-25",{"date":421,"score":181,"percentile":422},"2026-04-26",0.01251,{"date":424,"score":181,"percentile":425},"2026-04-27",0.01258,{"date":427,"score":181,"percentile":411},"2026-04-28",[429,434],{"source":141,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":430,"cvss_v4_0":9},{"baseScore":139,"baseSeverity":431,"vectorString":142,"impactScore":432,"exploitabilityScore":433},"HIGH",9.8,4.6,{"source":147,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":435,"cvss_v4_0":9},{"baseScore":139,"baseSeverity":431,"vectorString":142,"impactScore":432,"exploitabilityScore":433},[437,452,461],{"ecosystem":9,"name":438,"vendor":439,"product":438,"cpe_part":440,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":441},"cmd/go","go toolchain","a",[442,447],{"version":443,"is_range":444,"range_type":141,"version_start":9,"version_start_type":9,"version_end":445,"version_end_type":446,"fixed_in":9},"\u003C 1.24.12",true,"1.24.12","excluding",{"version":448,"is_range":444,"range_type":141,"version_start":449,"version_start_type":450,"version_end":451,"version_end_type":446,"fixed_in":9},">= 1.25.0, \u003C 1.25.6","1.25.0","including","1.25.6",{"ecosystem":9,"name":453,"vendor":454,"product":453,"cpe_part":440,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":455},"go","golang",[456,459],{"version":457,"is_range":444,"range_type":458,"version_start":9,"version_start_type":9,"version_end":445,"version_end_type":446,"fixed_in":9},"lt1.24.12","cpe",{"version":460,"is_range":444,"range_type":458,"version_start":449,"version_start_type":450,"version_end":451,"version_end_type":446,"fixed_in":9},"gte1.25.0_lt1.25.6",{"ecosystem":462,"name":463,"vendor":462,"product":463,"cpe_part":9,"purl_type":454,"purl_namespace":9,"purl_name":463,"source":9,"versions":464},"Go","toolchain",[465],{"version":466,"is_range":444,"range_type":467,"version_start":449,"version_start_type":450,"version_end":451,"version_end_type":446,"fixed_in":9},"gte1_25_0_lt1_25_6","semver"]