[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-68119":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":24,"downstream":25,"duplicates":84,"related":85,"reserved_at":9,"published_at":115,"modified_at":116,"state":117,"summary":118,"references_raw":126,"kevs":153,"epss":154,"epss_history":157,"metrics":427,"affected":435},"CVE-2025-68119","Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base","High",[],[],[22,23],"GO-2026-4338","BIT-golang-2025-68119",[],[26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82],{"_key":27},"SUSE-SU-2026:0297-1",{"_key":29},"SUSE-SU-2026:0298-1",{"_key":31},"SUSE-SU-2026:0308-1",{"_key":33},"SUSE-SU-2026:0789-1",{"_key":35},"SUSE-SU-2026:0296-1",{"_key":37},"SUSE-SU-2026:0687-1",{"_key":39},"SUSE-SU-2026:20122-1",{"_key":41},"SUSE-SU-2026:20132-1",{"_key":43},"SUSE-SU-2026:20429-1",{"_key":45},"SUSE-SU-2026:20623-1",{"_key":47},"SUSE-SU-2026:20629-1",{"_key":49},"SUSE-SU-2026:0218-1",{"_key":51},"SUSE-SU-2026:0219-1",{"_key":53},"SUSE-SU-2026:0354-1",{"_key":55},"SUSE-SU-2026:0426-1",{"_key":57},"OPENSUSE-SU-2026:10063-1",{"_key":59},"OPENSUSE-SU-2026:10064-1",{"_key":61},"OPENSUSE-SU-2026:10101-1",{"_key":63},"OPENSUSE-SU-2026:20077-1",{"_key":65},"OPENSUSE-SU-2026:20085-1",{"_key":67},"OPENSUSE-SU-2026:20220-1",{"_key":69},"OPENSUSE-SU-2026:20301-1",{"_key":71},"OPENSUSE-SU-2026:20308-1",{"_key":73},"MGASA-2026-0035",{"_key":75},"OPENSUSE-SU-2026:20619-1",{"_key":77},"DEBIAN-CVE-2025-68119",{"_key":79},"UBUNTU-CVE-2025-68119",{"_key":81},"RHSA-2026:7291",{"_key":83},"RHSA-2026:7385",[],[86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113],{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":81},{"_key":83},{"_key":114},"CGA-4H42-H3G6-CXX5","2026-01-28T19:30:30.704Z","2026-02-26T15:04:45.665Z","Analyzed",{"cisa_kev":119,"cisa_ransomware":119,"cisa_vendor":9,"epss_severity":120,"epss_score":121,"severity":122,"severity_score":4,"severity_version":123,"severity_source":124,"severity_vector":125,"severity_status":117},false,"low",0.00018,"high","v3.1","cve.org","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",[127,135,141,148],{"url":128,"sources":129,"tags":132},"https://go.dev/cl/736710",[124,130,131],"nvd","osv_go",[133,134],"FIX","Patch",{"url":136,"sources":137,"tags":138},"https://go.dev/issue/77099",[124,130,131],[139,140,134],"REPORT","Issue Tracking",{"url":142,"sources":143,"tags":144},"https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",[124,130,131],[145,146,147],"WEB","Release Notes","Mailing List",{"url":149,"sources":150,"tags":151},"https://pkg.go.dev/vuln/GO-2026-4338",[124,130],[152],"Vendor Advisory",[],{"date":155,"score":121,"percentile":156},"2026-06-05",0.04774,[158,162,166,169,172,175,179,182,185,188,191,193,196,199,202,205,208,211,214,216,219,222,225,228,231,233,236,239,241,244,246,249,253,256,259,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,315,318,321,324,327,330,333,337,340,343,346,349,352,355,358,360,363,366,369,372,375,378,381,384,387,390,393,395,397,400,403,406,409,412,415,418,421,424],{"date":159,"score":160,"percentile":161},"2026-01-29",0.00012,0.01174,{"date":163,"score":164,"percentile":165},"2026-01-30",0.00009,0.00757,{"date":167,"score":164,"percentile":168},"2026-01-31",0.00763,{"date":170,"score":164,"percentile":171},"2026-02-01",0.0077,{"date":173,"score":164,"percentile":174},"2026-02-02",0.00771,{"date":176,"score":177,"percentile":178},"2026-02-03",0.0001,0.00978,{"date":180,"score":177,"percentile":181},"2026-02-04",0.00977,{"date":183,"score":177,"percentile":184},"2026-02-05",0.00981,{"date":186,"score":177,"percentile":187},"2026-02-06",0.00996,{"date":189,"score":177,"percentile":190},"2026-02-07",0.00867,{"date":192,"score":177,"percentile":190},"2026-02-08",{"date":194,"score":177,"percentile":195},"2026-02-09",0.00864,{"date":197,"score":177,"percentile":198},"2026-02-10",0.00865,{"date":200,"score":177,"percentile":201},"2026-02-11",0.00889,{"date":203,"score":177,"percentile":204},"2026-02-12",0.00895,{"date":206,"score":177,"percentile":207},"2026-02-13",0.00897,{"date":209,"score":177,"percentile":210},"2026-02-14",0.00896,{"date":212,"score":177,"percentile":213},"2026-02-15",0.00893,{"date":215,"score":177,"percentile":201},"2026-02-16",{"date":217,"score":177,"percentile":218},"2026-02-17",0.0088,{"date":220,"score":177,"percentile":221},"2026-02-18",0.00964,{"date":223,"score":177,"percentile":224},"2026-02-19",0.00967,{"date":226,"score":177,"percentile":227},"2026-02-20",0.00969,{"date":229,"score":177,"percentile":230},"2026-02-21",0.00966,{"date":232,"score":177,"percentile":224},"2026-02-22",{"date":234,"score":177,"percentile":235},"2026-02-23",0.00953,{"date":237,"score":177,"percentile":238},"2026-02-24",0.00945,{"date":240,"score":177,"percentile":238},"2026-02-25",{"date":242,"score":177,"percentile":243},"2026-02-26",0.00943,{"date":245,"score":177,"percentile":235},"2026-02-27",{"date":247,"score":177,"percentile":248},"2026-02-28",0.00955,{"date":250,"score":251,"percentile":252},"2026-03-01",0.00011,0.01318,{"date":254,"score":251,"percentile":255},"2026-03-02",0.01344,{"date":257,"score":251,"percentile":258},"2026-03-03",0.01361,{"date":260,"score":261,"percentile":262},"2026-03-04",0.00013,0.02065,{"date":264,"score":261,"percentile":265},"2026-03-05",0.02102,{"date":267,"score":261,"percentile":268},"2026-03-06",0.02098,{"date":270,"score":261,"percentile":271},"2026-03-07",0.02097,{"date":273,"score":261,"percentile":274},"2026-03-08",0.02094,{"date":276,"score":261,"percentile":277},"2026-03-09",0.02078,{"date":279,"score":261,"percentile":280},"2026-03-10",0.02076,{"date":282,"score":261,"percentile":283},"2026-03-11",0.02047,{"date":285,"score":261,"percentile":286},"2026-03-12",0.02058,{"date":288,"score":261,"percentile":289},"2026-03-13",0.02055,{"date":291,"score":261,"percentile":292},"2026-03-14",0.02027,{"date":294,"score":261,"percentile":295},"2026-03-15",0.02006,{"date":297,"score":261,"percentile":298},"2026-03-16",0.01997,{"date":300,"score":261,"percentile":301},"2026-03-17",0.01972,{"date":303,"score":261,"percentile":304},"2026-03-18",0.0197,{"date":306,"score":261,"percentile":307},"2026-03-19",0.01965,{"date":309,"score":261,"percentile":310},"2026-03-20",0.01969,{"date":312,"score":313,"percentile":314},"2026-03-21",0.00017,0.04109,{"date":316,"score":313,"percentile":317},"2026-03-22",0.041,{"date":319,"score":313,"percentile":320},"2026-03-23",0.04099,{"date":322,"score":313,"percentile":323},"2026-03-24",0.04086,{"date":325,"score":313,"percentile":326},"2026-03-25",0.04108,{"date":328,"score":313,"percentile":329},"2026-03-26",0.04129,{"date":331,"score":313,"percentile":332},"2026-03-27",0.04133,{"date":334,"score":335,"percentile":336},"2026-03-28",0.00015,0.02872,{"date":338,"score":335,"percentile":339},"2026-03-29",0.0286,{"date":341,"score":335,"percentile":342},"2026-03-30",0.0285,{"date":344,"score":335,"percentile":345},"2026-03-31",0.02833,{"date":347,"score":335,"percentile":348},"2026-04-01",0.02832,{"date":350,"score":335,"percentile":351},"2026-04-02",0.02898,{"date":353,"score":335,"percentile":354},"2026-04-03",0.02914,{"date":356,"score":335,"percentile":357},"2026-04-04",0.02913,{"date":359,"score":335,"percentile":354},"2026-04-05",{"date":361,"score":313,"percentile":362},"2026-04-06",0.04136,{"date":364,"score":313,"percentile":365},"2026-04-07",0.04149,{"date":367,"score":313,"percentile":368},"2026-04-08",0.0418,{"date":370,"score":313,"percentile":371},"2026-04-09",0.04195,{"date":373,"score":313,"percentile":374},"2026-04-10",0.04199,{"date":376,"score":313,"percentile":377},"2026-04-11",0.04174,{"date":379,"score":313,"percentile":380},"2026-04-12",0.04157,{"date":382,"score":313,"percentile":383},"2026-04-13",0.04131,{"date":385,"score":313,"percentile":386},"2026-04-14",0.04092,{"date":388,"score":313,"percentile":389},"2026-04-15",0.04088,{"date":391,"score":313,"percentile":392},"2026-04-16",0.04101,{"date":394,"score":313,"percentile":326},"2026-04-17",{"date":396,"score":313,"percentile":314},"2026-04-18",{"date":398,"score":313,"percentile":399},"2026-04-19",0.04098,{"date":401,"score":313,"percentile":402},"2026-04-20",0.04085,{"date":404,"score":313,"percentile":405},"2026-04-21",0.04231,{"date":407,"score":313,"percentile":408},"2026-04-22",0.04239,{"date":410,"score":313,"percentile":411},"2026-04-23",0.0424,{"date":413,"score":313,"percentile":414},"2026-04-24",0.04243,{"date":416,"score":313,"percentile":417},"2026-04-25",0.04264,{"date":419,"score":313,"percentile":420},"2026-04-26",0.04261,{"date":422,"score":313,"percentile":423},"2026-04-27",0.04251,{"date":425,"score":313,"percentile":426},"2026-04-28",0.04279,[428,433],{"source":124,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":429,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":430,"vectorString":125,"impactScore":431,"exploitabilityScore":432},"HIGH",9.8,2.6,{"source":130,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":434,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":430,"vectorString":125,"impactScore":431,"exploitabilityScore":432},[436,448,458],{"ecosystem":9,"name":437,"vendor":438,"product":437,"cpe_part":439,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":440},"cmd/go","go toolchain","a",[441],{"version":442,"is_range":443,"range_type":124,"version_start":444,"version_start_type":445,"version_end":446,"version_end_type":447,"fixed_in":9},">= 1.25.0, \u003C 1.25.6",true,"1.25.0","including","1.25.6","excluding",{"ecosystem":9,"name":449,"vendor":450,"product":449,"cpe_part":439,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":451},"go","golang",[452,456],{"version":453,"is_range":443,"range_type":454,"version_start":9,"version_start_type":9,"version_end":455,"version_end_type":447,"fixed_in":9},"lt1.24.12","cpe","1.24.12",{"version":457,"is_range":443,"range_type":454,"version_start":444,"version_start_type":445,"version_end":446,"version_end_type":447,"fixed_in":9},"gte1.25.0_lt1.25.6",{"ecosystem":459,"name":460,"vendor":459,"product":460,"cpe_part":9,"purl_type":450,"purl_namespace":9,"purl_name":460,"source":9,"versions":461},"Go","toolchain",[462],{"version":463,"is_range":443,"range_type":464,"version_start":444,"version_start_type":445,"version_end":446,"version_end_type":447,"fixed_in":9},"gte1_25_0_lt1_25_6","semver"]