[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-27142":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T08:55:34.825Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":90,"related":91,"reserved_at":9,"published_at":110,"modified_at":111,"state":112,"summary":113,"references_raw":122,"kevs":148,"epss":149,"epss_history":152,"metrics":415,"affected":423},"CVE-2026-27142","Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46,47],"GO-2026-4603","BIT-golang-2026-27142",[],[50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88],{"_key":51},"SUSE-SU-2026:0875-1",{"_key":53},"SUSE-SU-2026:0876-1",{"_key":55},"OPENSUSE-SU-2026:10299-1",{"_key":57},"OPENSUSE-SU-2026:10310-1",{"_key":59},"SUSE-SU-2026:0947-1",{"_key":61},"OPENSUSE-SU-2026:20342-1",{"_key":63},"SUSE-SU-2026:0993-1",{"_key":65},"SUSE-SU-2026:0977-1",{"_key":67},"SUSE-SU-2026:0976-1",{"_key":69},"SUSE-SU-2026:1042-1",{"_key":71},"SUSE-SU-2026:21195-1",{"_key":73},"SUSE-SU-2026:21200-1",{"_key":75},"OPENSUSE-SU-2026:20496-1",{"_key":77},"OPENSUSE-SU-2026:20537-1",{"_key":79},"DEBIAN-CVE-2026-27142",{"_key":81},"RHSA-2026:5192",{"_key":83},"MGASA-2026-0143",{"_key":85},"MGASA-2026-0147",{"_key":87},"UBUNTU-CVE-2026-27142",{"_key":89},"RHSA-2026:7291",[],[92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108],{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":81},{"_key":89},{"_key":109},"CGA-G36F-884R-6GJ3","2026-03-06T21:28:14.674Z","2026-03-16T15:21:14.465Z","Analyzed",{"cisa_kev":114,"cisa_ransomware":114,"cisa_vendor":9,"epss_severity":115,"epss_score":116,"severity":117,"severity_score":118,"severity_version":119,"severity_source":120,"severity_vector":121,"severity_status":112},false,"low",0.00013,"medium",6.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[123,131,137,143],{"url":124,"sources":125,"tags":128},"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",[120,126,127],"nvd","osv_go",[129,130],"WEB","Release Notes",{"url":132,"sources":133,"tags":134},"https://go.dev/issue/77954",[120,126,127],[135,136],"REPORT","Issue Tracking",{"url":138,"sources":139,"tags":140},"https://go.dev/cl/752081",[120,126,127],[141,142],"FIX","Mailing List",{"url":144,"sources":145,"tags":146},"https://pkg.go.dev/vuln/GO-2026-4603",[120,126],[147],"Vendor Advisory",[],{"date":150,"score":116,"percentile":151},"2026-06-05",0.02061,[153,157,160,163,166,170,174,177,180,183,186,190,193,196,199,203,206,209,212,215,218,221,224,226,229,232,235,238,240,242,244,246,250,253,256,258,261,264,266,269,272,275,278,281,284,287,291,294,297,300,303,305,308,311,314,317,320,322,324,326,328,331,334,337,340,343,346,349,352,355,358,361,363,366,369,372,375,378,381,384,387,390,393,396,398,401,404,407,410,413],{"date":154,"score":155,"percentile":156},"2026-03-07",0.00028,0.07471,{"date":158,"score":155,"percentile":159},"2026-03-08",0.07453,{"date":161,"score":155,"percentile":162},"2026-03-09",0.07417,{"date":164,"score":155,"percentile":165},"2026-03-10",0.07404,{"date":167,"score":168,"percentile":169},"2026-03-11",0.00046,0.14033,{"date":171,"score":172,"percentile":173},"2026-03-12",0.00061,0.18862,{"date":175,"score":172,"percentile":176},"2026-03-13",0.18898,{"date":178,"score":172,"percentile":179},"2026-03-14",0.18904,{"date":181,"score":172,"percentile":182},"2026-03-15",0.18841,{"date":184,"score":172,"percentile":185},"2026-03-16",0.18812,{"date":187,"score":188,"percentile":189},"2026-03-17",0.00033,0.09292,{"date":191,"score":188,"percentile":192},"2026-03-18",0.09285,{"date":194,"score":188,"percentile":195},"2026-03-19",0.09275,{"date":197,"score":188,"percentile":198},"2026-03-20",0.09331,{"date":200,"score":201,"percentile":202},"2026-03-21",0.00011,0.01274,{"date":204,"score":201,"percentile":205},"2026-03-22",0.01265,{"date":207,"score":201,"percentile":208},"2026-03-23",0.01261,{"date":210,"score":201,"percentile":211},"2026-03-24",0.01256,{"date":213,"score":201,"percentile":214},"2026-03-25",0.0126,{"date":216,"score":201,"percentile":217},"2026-03-26",0.01263,{"date":219,"score":201,"percentile":220},"2026-03-27",0.01267,{"date":222,"score":201,"percentile":223},"2026-03-28",0.01268,{"date":225,"score":201,"percentile":220},"2026-03-29",{"date":227,"score":201,"percentile":228},"2026-03-30",0.01264,{"date":230,"score":201,"percentile":231},"2026-03-31",0.01248,{"date":233,"score":201,"percentile":234},"2026-04-01",0.01247,{"date":236,"score":201,"percentile":237},"2026-04-02",0.01258,{"date":239,"score":201,"percentile":208},"2026-04-03",{"date":241,"score":201,"percentile":217},"2026-04-04",{"date":243,"score":201,"percentile":228},"2026-04-05",{"date":245,"score":201,"percentile":223},"2026-04-06",{"date":247,"score":248,"percentile":249},"2026-04-07",0.00012,0.01552,{"date":251,"score":248,"percentile":252},"2026-04-08",0.01555,{"date":254,"score":248,"percentile":255},"2026-04-09",0.01562,{"date":257,"score":248,"percentile":255},"2026-04-10",{"date":259,"score":248,"percentile":260},"2026-04-11",0.01551,{"date":262,"score":248,"percentile":263},"2026-04-12",0.01542,{"date":265,"score":248,"percentile":263},"2026-04-13",{"date":267,"score":248,"percentile":268},"2026-04-14",0.01526,{"date":270,"score":248,"percentile":271},"2026-04-15",0.0152,{"date":273,"score":248,"percentile":274},"2026-04-16",0.0153,{"date":276,"score":248,"percentile":277},"2026-04-17",0.01541,{"date":279,"score":248,"percentile":280},"2026-04-18",0.01545,{"date":282,"score":248,"percentile":283},"2026-04-19",0.01543,{"date":285,"score":248,"percentile":286},"2026-04-20",0.01536,{"date":288,"score":289,"percentile":290},"2026-04-21",0.00015,0.03399,{"date":292,"score":201,"percentile":293},"2026-04-22",0.01422,{"date":295,"score":201,"percentile":296},"2026-04-23",0.01429,{"date":298,"score":201,"percentile":299},"2026-04-24",0.01424,{"date":301,"score":201,"percentile":302},"2026-04-25",0.01426,{"date":304,"score":201,"percentile":296},"2026-04-26",{"date":306,"score":201,"percentile":307},"2026-04-27",0.01445,{"date":309,"score":201,"percentile":310},"2026-04-28",0.0143,{"date":312,"score":201,"percentile":313},"2026-04-29",0.01436,{"date":315,"score":201,"percentile":316},"2026-04-30",0.01431,{"date":318,"score":201,"percentile":319},"2026-05-01",0.01427,{"date":321,"score":201,"percentile":319},"2026-05-02",{"date":323,"score":201,"percentile":319},"2026-05-03",{"date":325,"score":201,"percentile":319},"2026-05-04",{"date":327,"score":201,"percentile":302},"2026-05-05",{"date":329,"score":201,"percentile":330},"2026-05-06",0.01419,{"date":332,"score":201,"percentile":333},"2026-05-07",0.01421,{"date":335,"score":201,"percentile":336},"2026-05-08",0.0142,{"date":338,"score":201,"percentile":339},"2026-05-09",0.01414,{"date":341,"score":201,"percentile":342},"2026-05-10",0.01415,{"date":344,"score":201,"percentile":345},"2026-05-11",0.01411,{"date":347,"score":201,"percentile":348},"2026-05-12",0.01407,{"date":350,"score":116,"percentile":351},"2026-05-13",0.01994,{"date":353,"score":116,"percentile":354},"2026-05-14",0.01993,{"date":356,"score":116,"percentile":357},"2026-05-15",0.01996,{"date":359,"score":116,"percentile":360},"2026-05-16",0.01997,{"date":362,"score":116,"percentile":360},"2026-05-17",{"date":364,"score":116,"percentile":365},"2026-05-18",0.01984,{"date":367,"score":116,"percentile":368},"2026-05-19",0.01973,{"date":370,"score":116,"percentile":371},"2026-05-20",0.01967,{"date":373,"score":116,"percentile":374},"2026-05-21",0.01955,{"date":376,"score":116,"percentile":377},"2026-05-22",0.02089,{"date":379,"score":116,"percentile":380},"2026-05-23",0.02085,{"date":382,"score":116,"percentile":383},"2026-05-24",0.02081,{"date":385,"score":116,"percentile":386},"2026-05-25",0.02069,{"date":388,"score":116,"percentile":389},"2026-05-26",0.02056,{"date":391,"score":116,"percentile":392},"2026-05-27",0.0207,{"date":394,"score":116,"percentile":395},"2026-05-28",0.02062,{"date":397,"score":116,"percentile":392},"2026-05-29",{"date":399,"score":116,"percentile":400},"2026-05-30",0.02094,{"date":402,"score":116,"percentile":403},"2026-05-31",0.02086,{"date":405,"score":116,"percentile":406},"2026-06-01",0.02074,{"date":408,"score":116,"percentile":409},"2026-06-02",0.02063,{"date":411,"score":116,"percentile":412},"2026-06-03",0.02045,{"date":414,"score":116,"percentile":412},"2026-06-04",[416,421],{"source":120,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":417,"cvss_v4_0":9},{"baseScore":118,"baseSeverity":418,"vectorString":121,"impactScore":419,"exploitabilityScore":420},"MEDIUM",4.5,7.2,{"source":126,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":422,"cvss_v4_0":9},{"baseScore":118,"baseSeverity":418,"vectorString":121,"impactScore":419,"exploitabilityScore":420},[424,439,448],{"ecosystem":9,"name":425,"vendor":426,"product":425,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"html/template","go standard library","a",[429,434],{"version":430,"is_range":431,"range_type":120,"version_start":9,"version_start_type":9,"version_end":432,"version_end_type":433,"fixed_in":9},"\u003C 1.25.8",true,"1.25.8","excluding",{"version":435,"is_range":431,"range_type":120,"version_start":436,"version_start_type":437,"version_end":438,"version_end_type":433,"fixed_in":9},">= 1.26.0-0, \u003C 1.26.1","1.26.0-0","including","1.26.1",{"ecosystem":9,"name":440,"vendor":441,"product":440,"cpe_part":427,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":442},"go","golang",[443,446],{"version":444,"is_range":431,"range_type":445,"version_start":9,"version_start_type":9,"version_end":432,"version_end_type":433,"fixed_in":9},"lt1.25.8","cpe",{"version":447,"is_range":114,"range_type":445,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.26.0",{"ecosystem":449,"name":450,"vendor":449,"product":450,"cpe_part":9,"purl_type":441,"purl_namespace":9,"purl_name":450,"source":9,"versions":451},"Go","stdlib",[452],{"version":453,"is_range":431,"range_type":454,"version_start":436,"version_start_type":437,"version_end":438,"version_end_type":433,"fixed_in":9},"gte1_26_0_0_lt1_26_1","semver"]