[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-34165":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":412,"aliases":413,"duplicate_of":9,"upstream":416,"downstream":417,"duplicates":426,"related":427,"reserved_at":9,"published_at":432,"modified_at":433,"state":434,"summary":435,"references_raw":444,"kevs":471,"epss":472,"epss_history":475,"metrics":659,"affected":669},"CVE-2026-34165","go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory, it order to create or alter existing .idx files. This issue has been patched in version 5.17.1.",null,[11,19],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-191","Integer Underflow (Wrap or Wraparound)","The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.","weakness","Draft","Base",[],{"_key":20,"id":20,"name":21,"description":22,"type":15,"status":23,"abstraction":17,"likelihood_of_exploit":24,"capec":25},"CWE-770","Allocation of Resources Without Limits or Throttling","The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.","Incomplete","High",[26,112,122,126,130,134,138,142,174,236,240,244,274,304,336,340,344,348,352,356],{"id":27,"name":28,"techniques":29},"CAPEC-125","Flooding",[30,84],{"id":31,"name":32,"tactics":33,"countermeasures":37},"T1498.001","Direct Network Flood",[34],{"id":35,"name":36},"TA0105","Impact",[38,43,47,51,55,59,63,67,71,75,80],{"id":39,"name":40,"tactic":41},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":42},"Detect",{"id":44,"name":45,"tactic":46},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":42},{"id":48,"name":49,"tactic":50},"D3-CSPP","Client-server Payload Profiling",{"name":42},{"id":52,"name":53,"tactic":54},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":42},{"id":56,"name":57,"tactic":58},"D3-NTSA","Network Traffic Signature Analysis",{"name":42},{"id":60,"name":61,"tactic":62},"D3-APCA","Application Protocol Command Analysis",{"name":42},{"id":64,"name":65,"tactic":66},"D3-NTCD","Network Traffic Community Deviation",{"name":42},{"id":68,"name":69,"tactic":70},"D3-RTSD","Remote Terminal Session Detection",{"name":42},{"id":72,"name":73,"tactic":74},"D3-ISVA","Inbound Session Volume Analysis",{"name":42},{"id":76,"name":77,"tactic":78},"D3-NTF","Network Traffic Filtering",{"name":79},"Isolate",{"id":81,"name":82,"tactic":83},"D3-ITF","Inbound Traffic Filtering",{"name":79},{"id":85,"name":86,"tactics":87,"countermeasures":89},"T1499","Endpoint Denial of Service",[88],{"id":35,"name":36},[90,92,94,96,98,100,102,104,106,108,110],{"id":39,"name":40,"tactic":91},{"name":42},{"id":44,"name":45,"tactic":93},{"name":42},{"id":48,"name":49,"tactic":95},{"name":42},{"id":52,"name":53,"tactic":97},{"name":42},{"id":56,"name":57,"tactic":99},{"name":42},{"id":60,"name":61,"tactic":101},{"name":42},{"id":64,"name":65,"tactic":103},{"name":42},{"id":68,"name":69,"tactic":105},{"name":42},{"id":72,"name":73,"tactic":107},{"name":42},{"id":76,"name":77,"tactic":109},{"name":79},{"id":81,"name":82,"tactic":111},{"name":79},{"id":113,"name":114,"techniques":115},"CAPEC-130","Excessive Allocation",[116],{"id":117,"name":118,"tactics":119,"countermeasures":121},"T1499.003","Application Exhaustion Flood",[120],{"id":35,"name":36},[],{"id":123,"name":124,"techniques":125},"CAPEC-147","XML Ping of the Death",[],{"id":127,"name":128,"techniques":129},"CAPEC-197","Exponential Data Expansion",[],{"id":131,"name":132,"techniques":133},"CAPEC-229","Serialized Data Parameter Blowup",[],{"id":135,"name":136,"techniques":137},"CAPEC-230","Serialized Data with Nested Payloads",[],{"id":139,"name":140,"techniques":141},"CAPEC-231","Oversized Serialized Data Payloads",[],{"id":143,"name":144,"techniques":145},"CAPEC-469","HTTP DoS",[146],{"id":147,"name":148,"tactics":149,"countermeasures":151},"T1499.002","Service Exhaustion Flood",[150],{"id":35,"name":36},[152,154,156,158,160,162,164,166,168,170,172],{"id":39,"name":40,"tactic":153},{"name":42},{"id":44,"name":45,"tactic":155},{"name":42},{"id":48,"name":49,"tactic":157},{"name":42},{"id":52,"name":53,"tactic":159},{"name":42},{"id":56,"name":57,"tactic":161},{"name":42},{"id":60,"name":61,"tactic":163},{"name":42},{"id":64,"name":65,"tactic":165},{"name":42},{"id":68,"name":69,"tactic":167},{"name":42},{"id":72,"name":73,"tactic":169},{"name":42},{"id":76,"name":77,"tactic":171},{"name":79},{"id":81,"name":82,"tactic":173},{"name":79},{"id":175,"name":176,"techniques":177},"CAPEC-482","TCP Flood",[178,204,210],{"id":31,"name":32,"tactics":179,"countermeasures":181},[180],{"id":35,"name":36},[182,184,186,188,190,192,194,196,198,200,202],{"id":39,"name":40,"tactic":183},{"name":42},{"id":44,"name":45,"tactic":185},{"name":42},{"id":48,"name":49,"tactic":187},{"name":42},{"id":52,"name":53,"tactic":189},{"name":42},{"id":56,"name":57,"tactic":191},{"name":42},{"id":60,"name":61,"tactic":193},{"name":42},{"id":64,"name":65,"tactic":195},{"name":42},{"id":68,"name":69,"tactic":197},{"name":42},{"id":72,"name":73,"tactic":199},{"name":42},{"id":76,"name":77,"tactic":201},{"name":79},{"id":81,"name":82,"tactic":203},{"name":79},{"id":205,"name":206,"tactics":207,"countermeasures":209},"T1499.001","OS Exhaustion Flood",[208],{"id":35,"name":36},[],{"id":147,"name":148,"tactics":211,"countermeasures":213},[212],{"id":35,"name":36},[214,216,218,220,222,224,226,228,230,232,234],{"id":39,"name":40,"tactic":215},{"name":42},{"id":44,"name":45,"tactic":217},{"name":42},{"id":48,"name":49,"tactic":219},{"name":42},{"id":52,"name":53,"tactic":221},{"name":42},{"id":56,"name":57,"tactic":223},{"name":42},{"id":60,"name":61,"tactic":225},{"name":42},{"id":64,"name":65,"tactic":227},{"name":42},{"id":68,"name":69,"tactic":229},{"name":42},{"id":72,"name":73,"tactic":231},{"name":42},{"id":76,"name":77,"tactic":233},{"name":79},{"id":81,"name":82,"tactic":235},{"name":79},{"id":237,"name":238,"techniques":239},"CAPEC-486","UDP Flood",[],{"id":241,"name":242,"techniques":243},"CAPEC-487","ICMP Flood",[],{"id":245,"name":246,"techniques":247},"CAPEC-488","HTTP Flood",[248],{"id":147,"name":148,"tactics":249,"countermeasures":251},[250],{"id":35,"name":36},[252,254,256,258,260,262,264,266,268,270,272],{"id":39,"name":40,"tactic":253},{"name":42},{"id":44,"name":45,"tactic":255},{"name":42},{"id":48,"name":49,"tactic":257},{"name":42},{"id":52,"name":53,"tactic":259},{"name":42},{"id":56,"name":57,"tactic":261},{"name":42},{"id":60,"name":61,"tactic":263},{"name":42},{"id":64,"name":65,"tactic":265},{"name":42},{"id":68,"name":69,"tactic":267},{"name":42},{"id":72,"name":73,"tactic":269},{"name":42},{"id":76,"name":77,"tactic":271},{"name":79},{"id":81,"name":82,"tactic":273},{"name":79},{"id":275,"name":276,"techniques":277},"CAPEC-489","SSL Flood",[278],{"id":147,"name":148,"tactics":279,"countermeasures":281},[280],{"id":35,"name":36},[282,284,286,288,290,292,294,296,298,300,302],{"id":39,"name":40,"tactic":283},{"name":42},{"id":44,"name":45,"tactic":285},{"name":42},{"id":48,"name":49,"tactic":287},{"name":42},{"id":52,"name":53,"tactic":289},{"name":42},{"id":56,"name":57,"tactic":291},{"name":42},{"id":60,"name":61,"tactic":293},{"name":42},{"id":64,"name":65,"tactic":295},{"name":42},{"id":68,"name":69,"tactic":297},{"name":42},{"id":72,"name":73,"tactic":299},{"name":42},{"id":76,"name":77,"tactic":301},{"name":79},{"id":81,"name":82,"tactic":303},{"name":79},{"id":305,"name":306,"techniques":307},"CAPEC-490","Amplification",[308],{"id":309,"name":310,"tactics":311,"countermeasures":313},"T1498.002","Reflection Amplification",[312],{"id":35,"name":36},[314,316,318,320,322,324,326,328,330,332,334],{"id":39,"name":40,"tactic":315},{"name":42},{"id":44,"name":45,"tactic":317},{"name":42},{"id":48,"name":49,"tactic":319},{"name":42},{"id":52,"name":53,"tactic":321},{"name":42},{"id":56,"name":57,"tactic":323},{"name":42},{"id":60,"name":61,"tactic":325},{"name":42},{"id":64,"name":65,"tactic":327},{"name":42},{"id":68,"name":69,"tactic":329},{"name":42},{"id":72,"name":73,"tactic":331},{"name":42},{"id":76,"name":77,"tactic":333},{"name":79},{"id":81,"name":82,"tactic":335},{"name":79},{"id":337,"name":338,"techniques":339},"CAPEC-491","Quadratic Data Expansion",[],{"id":341,"name":342,"techniques":343},"CAPEC-493","SOAP Array Blowup",[],{"id":345,"name":346,"techniques":347},"CAPEC-494","TCP Fragmentation",[],{"id":349,"name":350,"techniques":351},"CAPEC-495","UDP Fragmentation",[],{"id":353,"name":354,"techniques":355},"CAPEC-496","ICMP Fragmentation",[],{"id":357,"name":358,"techniques":359},"CAPEC-528","XML Flood",[360,386],{"id":147,"name":148,"tactics":361,"countermeasures":363},[362],{"id":35,"name":36},[364,366,368,370,372,374,376,378,380,382,384],{"id":39,"name":40,"tactic":365},{"name":42},{"id":44,"name":45,"tactic":367},{"name":42},{"id":48,"name":49,"tactic":369},{"name":42},{"id":52,"name":53,"tactic":371},{"name":42},{"id":56,"name":57,"tactic":373},{"name":42},{"id":60,"name":61,"tactic":375},{"name":42},{"id":64,"name":65,"tactic":377},{"name":42},{"id":68,"name":69,"tactic":379},{"name":42},{"id":72,"name":73,"tactic":381},{"name":42},{"id":76,"name":77,"tactic":383},{"name":79},{"id":81,"name":82,"tactic":385},{"name":79},{"id":31,"name":32,"tactics":387,"countermeasures":389},[388],{"id":35,"name":36},[390,392,394,396,398,400,402,404,406,408,410],{"id":39,"name":40,"tactic":391},{"name":42},{"id":44,"name":45,"tactic":393},{"name":42},{"id":48,"name":49,"tactic":395},{"name":42},{"id":52,"name":53,"tactic":397},{"name":42},{"id":56,"name":57,"tactic":399},{"name":42},{"id":60,"name":61,"tactic":401},{"name":42},{"id":64,"name":65,"tactic":403},{"name":42},{"id":68,"name":69,"tactic":405},{"name":42},{"id":72,"name":73,"tactic":407},{"name":42},{"id":76,"name":77,"tactic":409},{"name":79},{"id":81,"name":82,"tactic":411},{"name":79},[],[414,415],"GHSA-jhf3-xxhw-2wpp","GO-2026-4910",[],[418,420,422,424],{"_key":419},"OPENSUSE-SU-2026:10509-1",{"_key":421},"DEBIAN-CVE-2026-34165",{"_key":423},"OPENSUSE-SU-2026:10684-1",{"_key":425},"UBUNTU-CVE-2026-34165",[],[428,429,430],{"_key":419},{"_key":423},{"_key":431},"CGA-M74G-HR5C-WFMV","2026-03-31T13:46:37.688Z","2026-04-02T15:10:17.724Z","Analyzed",{"cisa_kev":436,"cisa_ransomware":436,"cisa_vendor":9,"epss_severity":437,"epss_score":438,"severity":439,"severity_score":440,"severity_version":441,"severity_source":442,"severity_vector":443,"severity_status":434},false,"low",0.00005,"medium",5,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",[445,455,460,467],{"url":446,"sources":447,"tags":450},"https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp",[448,442,449],"osv_go","nvd",[451,452,453,454],"WEB","X Refsource CONFIRM","Vendor Advisory","Advisory",{"url":456,"sources":457,"tags":458},"https://github.com/go-git/go-git",[448],[459],"PACKAGE",{"url":461,"sources":462,"tags":463},"https://github.com/go-git/go-git/releases/tag/v5.17.1",[448,442,449],[451,464,465,466],"X Refsource MISC","Product","Release Notes",{"url":468,"sources":469,"tags":470},"https://nvd.nist.gov/vuln/detail/CVE-2026-34165",[448],[454],[],{"date":473,"score":438,"percentile":474},"2026-06-05",0.00297,[476,480,483,486,489,492,495,498,501,504,507,510,513,516,519,522,525,528,531,534,537,540,543,546,548,550,553,556,559,561,564,566,570,573,576,578,581,583,586,589,592,595,598,601,604,606,609,611,614,616,619,621,624,627,629,632,635,638,640,643,645,647,650,653,656,658],{"date":477,"score":478,"percentile":479},"2026-04-01",0.00013,0.02022,{"date":481,"score":478,"percentile":482},"2026-04-02",0.02094,{"date":484,"score":478,"percentile":485},"2026-04-03",0.02159,{"date":487,"score":478,"percentile":488},"2026-04-04",0.02158,{"date":490,"score":478,"percentile":491},"2026-04-05",0.02155,{"date":493,"score":478,"percentile":494},"2026-04-06",0.02261,{"date":496,"score":478,"percentile":497},"2026-04-07",0.0226,{"date":499,"score":478,"percentile":500},"2026-04-08",0.02262,{"date":502,"score":478,"percentile":503},"2026-04-09",0.02284,{"date":505,"score":478,"percentile":506},"2026-04-10",0.02283,{"date":508,"score":478,"percentile":509},"2026-04-11",0.02266,{"date":511,"score":478,"percentile":512},"2026-04-12",0.02254,{"date":514,"score":478,"percentile":515},"2026-04-13",0.02252,{"date":517,"score":478,"percentile":518},"2026-04-14",0.02235,{"date":520,"score":478,"percentile":521},"2026-04-15",0.02225,{"date":523,"score":478,"percentile":524},"2026-04-16",0.02234,{"date":526,"score":478,"percentile":527},"2026-04-17",0.02237,{"date":529,"score":478,"percentile":530},"2026-04-18",0.02244,{"date":532,"score":478,"percentile":533},"2026-04-19",0.02231,{"date":535,"score":478,"percentile":536},"2026-04-20",0.02213,{"date":538,"score":438,"percentile":539},"2026-04-21",0.00285,{"date":541,"score":438,"percentile":542},"2026-04-22",0.00284,{"date":544,"score":438,"percentile":545},"2026-04-23",0.00286,{"date":547,"score":438,"percentile":539},"2026-04-24",{"date":549,"score":438,"percentile":542},"2026-04-25",{"date":551,"score":438,"percentile":552},"2026-04-26",0.00283,{"date":554,"score":438,"percentile":555},"2026-04-27",0.00281,{"date":557,"score":438,"percentile":558},"2026-04-28",0.00278,{"date":560,"score":438,"percentile":558},"2026-04-29",{"date":562,"score":438,"percentile":563},"2026-04-30",0.0028,{"date":565,"score":438,"percentile":563},"2026-05-01",{"date":567,"score":568,"percentile":569},"2026-05-02",0.00006,0.00392,{"date":571,"score":568,"percentile":572},"2026-05-03",0.00391,{"date":574,"score":568,"percentile":575},"2026-05-04",0.0039,{"date":577,"score":568,"percentile":575},"2026-05-05",{"date":579,"score":568,"percentile":580},"2026-05-06",0.00393,{"date":582,"score":568,"percentile":580},"2026-05-07",{"date":584,"score":568,"percentile":585},"2026-05-08",0.00387,{"date":587,"score":568,"percentile":588},"2026-05-09",0.00386,{"date":590,"score":568,"percentile":591},"2026-05-10",0.00383,{"date":593,"score":568,"percentile":594},"2026-05-11",0.00379,{"date":596,"score":568,"percentile":597},"2026-05-12",0.00375,{"date":599,"score":568,"percentile":600},"2026-05-13",0.00374,{"date":602,"score":568,"percentile":603},"2026-05-14",0.00378,{"date":605,"score":568,"percentile":603},"2026-05-15",{"date":607,"score":568,"percentile":608},"2026-05-16",0.00377,{"date":610,"score":568,"percentile":600},"2026-05-17",{"date":612,"score":568,"percentile":613},"2026-05-18",0.00369,{"date":615,"score":568,"percentile":613},"2026-05-19",{"date":617,"score":568,"percentile":618},"2026-05-20",0.0037,{"date":620,"score":568,"percentile":613},"2026-05-21",{"date":622,"score":568,"percentile":623},"2026-05-22",0.004,{"date":625,"score":568,"percentile":626},"2026-05-23",0.00398,{"date":628,"score":568,"percentile":626},"2026-05-24",{"date":630,"score":568,"percentile":631},"2026-05-25",0.00396,{"date":633,"score":568,"percentile":634},"2026-05-26",0.00395,{"date":636,"score":568,"percentile":637},"2026-05-27",0.00402,{"date":639,"score":568,"percentile":637},"2026-05-28",{"date":641,"score":438,"percentile":642},"2026-05-29",0.00291,{"date":644,"score":438,"percentile":474},"2026-05-30",{"date":646,"score":438,"percentile":474},"2026-05-31",{"date":648,"score":438,"percentile":649},"2026-06-01",0.00293,{"date":651,"score":438,"percentile":652},"2026-06-02",0.00299,{"date":654,"score":438,"percentile":655},"2026-06-03",0.00298,{"date":657,"score":438,"percentile":474},"2026-06-04",{"date":473,"score":438,"percentile":474},[660,664,667],{"source":448,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":661,"cvss_v4_0":9},{"baseScore":440,"baseSeverity":9,"vectorString":443,"impactScore":662,"exploitabilityScore":663},6,3.3,{"source":442,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":665,"cvss_v4_0":9},{"baseScore":440,"baseSeverity":666,"vectorString":443,"impactScore":662,"exploitabilityScore":663},"MEDIUM",{"source":449,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":668,"cvss_v4_0":9},{"baseScore":440,"baseSeverity":666,"vectorString":443,"impactScore":662,"exploitabilityScore":663},[670,683,687,696,701],{"ecosystem":9,"name":671,"vendor":672,"product":671,"cpe_part":673,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":674},"go-git","go-git_project","a",[675],{"version":676,"is_range":677,"range_type":678,"version_start":679,"version_start_type":680,"version_end":681,"version_end_type":682,"fixed_in":9},"gte5.0.0_lt5.17.1",true,"cpe","5.0.0","including","5.17.1","excluding",{"ecosystem":9,"name":671,"vendor":671,"product":671,"cpe_part":673,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":684},[685],{"version":686,"is_range":677,"range_type":442,"version_start":679,"version_start_type":680,"version_end":681,"version_end_type":682,"fixed_in":9},">= 5.0.0, \u003C 5.17.1",{"ecosystem":688,"name":689,"vendor":690,"product":671,"cpe_part":9,"purl_type":691,"purl_namespace":690,"purl_name":671,"source":9,"versions":692},"Go","github.com/go-git/go-git","github.com/go-git","golang",[693],{"version":694,"is_range":677,"range_type":695,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all","semver",{"ecosystem":688,"name":697,"vendor":689,"product":698,"cpe_part":9,"purl_type":691,"purl_namespace":689,"purl_name":698,"source":9,"versions":699},"github.com/go-git/go-git/v4","v4",[700],{"version":694,"is_range":677,"range_type":695,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":688,"name":702,"vendor":689,"product":703,"cpe_part":9,"purl_type":691,"purl_namespace":689,"purl_name":703,"source":9,"versions":704},"github.com/go-git/go-git/v5","v5",[705],{"version":706,"is_range":677,"range_type":695,"version_start":679,"version_start_type":680,"version_end":681,"version_end_type":682,"fixed_in":9},"gte5_0_0_lt5_17_1"]