[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-39820":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T08:55:34.825Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":406,"aliases":407,"duplicate_of":9,"upstream":410,"downstream":411,"duplicates":420,"related":421,"reserved_at":9,"published_at":426,"modified_at":427,"state":428,"summary":429,"references_raw":438,"kevs":464,"epss":465,"epss_history":468,"metrics":557,"affected":565},"CVE-2026-39820","Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-770","Allocation of Resources Without Limits or Throttling","The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.","weakness","Incomplete","Base","High",[20,106,116,120,124,128,132,136,168,230,234,238,268,298,330,334,338,342,346,350],{"id":21,"name":22,"techniques":23},"CAPEC-125","Flooding",[24,78],{"id":25,"name":26,"tactics":27,"countermeasures":31},"T1498.001","Direct Network Flood",[28],{"id":29,"name":30},"TA0105","Impact",[32,37,41,45,49,53,57,61,65,69,74],{"id":33,"name":34,"tactic":35},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":36},"Detect",{"id":38,"name":39,"tactic":40},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":36},{"id":42,"name":43,"tactic":44},"D3-CSPP","Client-server Payload Profiling",{"name":36},{"id":46,"name":47,"tactic":48},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":36},{"id":50,"name":51,"tactic":52},"D3-NTSA","Network Traffic Signature Analysis",{"name":36},{"id":54,"name":55,"tactic":56},"D3-APCA","Application Protocol Command Analysis",{"name":36},{"id":58,"name":59,"tactic":60},"D3-NTCD","Network Traffic Community Deviation",{"name":36},{"id":62,"name":63,"tactic":64},"D3-RTSD","Remote Terminal Session Detection",{"name":36},{"id":66,"name":67,"tactic":68},"D3-ISVA","Inbound Session Volume Analysis",{"name":36},{"id":70,"name":71,"tactic":72},"D3-NTF","Network Traffic Filtering",{"name":73},"Isolate",{"id":75,"name":76,"tactic":77},"D3-ITF","Inbound Traffic Filtering",{"name":73},{"id":79,"name":80,"tactics":81,"countermeasures":83},"T1499","Endpoint Denial of Service",[82],{"id":29,"name":30},[84,86,88,90,92,94,96,98,100,102,104],{"id":33,"name":34,"tactic":85},{"name":36},{"id":38,"name":39,"tactic":87},{"name":36},{"id":42,"name":43,"tactic":89},{"name":36},{"id":46,"name":47,"tactic":91},{"name":36},{"id":50,"name":51,"tactic":93},{"name":36},{"id":54,"name":55,"tactic":95},{"name":36},{"id":58,"name":59,"tactic":97},{"name":36},{"id":62,"name":63,"tactic":99},{"name":36},{"id":66,"name":67,"tactic":101},{"name":36},{"id":70,"name":71,"tactic":103},{"name":73},{"id":75,"name":76,"tactic":105},{"name":73},{"id":107,"name":108,"techniques":109},"CAPEC-130","Excessive Allocation",[110],{"id":111,"name":112,"tactics":113,"countermeasures":115},"T1499.003","Application Exhaustion Flood",[114],{"id":29,"name":30},[],{"id":117,"name":118,"techniques":119},"CAPEC-147","XML Ping of the Death",[],{"id":121,"name":122,"techniques":123},"CAPEC-197","Exponential Data Expansion",[],{"id":125,"name":126,"techniques":127},"CAPEC-229","Serialized Data Parameter Blowup",[],{"id":129,"name":130,"techniques":131},"CAPEC-230","Serialized Data with Nested Payloads",[],{"id":133,"name":134,"techniques":135},"CAPEC-231","Oversized Serialized Data Payloads",[],{"id":137,"name":138,"techniques":139},"CAPEC-469","HTTP DoS",[140],{"id":141,"name":142,"tactics":143,"countermeasures":145},"T1499.002","Service Exhaustion Flood",[144],{"id":29,"name":30},[146,148,150,152,154,156,158,160,162,164,166],{"id":33,"name":34,"tactic":147},{"name":36},{"id":38,"name":39,"tactic":149},{"name":36},{"id":42,"name":43,"tactic":151},{"name":36},{"id":46,"name":47,"tactic":153},{"name":36},{"id":50,"name":51,"tactic":155},{"name":36},{"id":54,"name":55,"tactic":157},{"name":36},{"id":58,"name":59,"tactic":159},{"name":36},{"id":62,"name":63,"tactic":161},{"name":36},{"id":66,"name":67,"tactic":163},{"name":36},{"id":70,"name":71,"tactic":165},{"name":73},{"id":75,"name":76,"tactic":167},{"name":73},{"id":169,"name":170,"techniques":171},"CAPEC-482","TCP Flood",[172,198,204],{"id":25,"name":26,"tactics":173,"countermeasures":175},[174],{"id":29,"name":30},[176,178,180,182,184,186,188,190,192,194,196],{"id":33,"name":34,"tactic":177},{"name":36},{"id":38,"name":39,"tactic":179},{"name":36},{"id":42,"name":43,"tactic":181},{"name":36},{"id":46,"name":47,"tactic":183},{"name":36},{"id":50,"name":51,"tactic":185},{"name":36},{"id":54,"name":55,"tactic":187},{"name":36},{"id":58,"name":59,"tactic":189},{"name":36},{"id":62,"name":63,"tactic":191},{"name":36},{"id":66,"name":67,"tactic":193},{"name":36},{"id":70,"name":71,"tactic":195},{"name":73},{"id":75,"name":76,"tactic":197},{"name":73},{"id":199,"name":200,"tactics":201,"countermeasures":203},"T1499.001","OS Exhaustion Flood",[202],{"id":29,"name":30},[],{"id":141,"name":142,"tactics":205,"countermeasures":207},[206],{"id":29,"name":30},[208,210,212,214,216,218,220,222,224,226,228],{"id":33,"name":34,"tactic":209},{"name":36},{"id":38,"name":39,"tactic":211},{"name":36},{"id":42,"name":43,"tactic":213},{"name":36},{"id":46,"name":47,"tactic":215},{"name":36},{"id":50,"name":51,"tactic":217},{"name":36},{"id":54,"name":55,"tactic":219},{"name":36},{"id":58,"name":59,"tactic":221},{"name":36},{"id":62,"name":63,"tactic":223},{"name":36},{"id":66,"name":67,"tactic":225},{"name":36},{"id":70,"name":71,"tactic":227},{"name":73},{"id":75,"name":76,"tactic":229},{"name":73},{"id":231,"name":232,"techniques":233},"CAPEC-486","UDP Flood",[],{"id":235,"name":236,"techniques":237},"CAPEC-487","ICMP Flood",[],{"id":239,"name":240,"techniques":241},"CAPEC-488","HTTP Flood",[242],{"id":141,"name":142,"tactics":243,"countermeasures":245},[244],{"id":29,"name":30},[246,248,250,252,254,256,258,260,262,264,266],{"id":33,"name":34,"tactic":247},{"name":36},{"id":38,"name":39,"tactic":249},{"name":36},{"id":42,"name":43,"tactic":251},{"name":36},{"id":46,"name":47,"tactic":253},{"name":36},{"id":50,"name":51,"tactic":255},{"name":36},{"id":54,"name":55,"tactic":257},{"name":36},{"id":58,"name":59,"tactic":259},{"name":36},{"id":62,"name":63,"tactic":261},{"name":36},{"id":66,"name":67,"tactic":263},{"name":36},{"id":70,"name":71,"tactic":265},{"name":73},{"id":75,"name":76,"tactic":267},{"name":73},{"id":269,"name":270,"techniques":271},"CAPEC-489","SSL Flood",[272],{"id":141,"name":142,"tactics":273,"countermeasures":275},[274],{"id":29,"name":30},[276,278,280,282,284,286,288,290,292,294,296],{"id":33,"name":34,"tactic":277},{"name":36},{"id":38,"name":39,"tactic":279},{"name":36},{"id":42,"name":43,"tactic":281},{"name":36},{"id":46,"name":47,"tactic":283},{"name":36},{"id":50,"name":51,"tactic":285},{"name":36},{"id":54,"name":55,"tactic":287},{"name":36},{"id":58,"name":59,"tactic":289},{"name":36},{"id":62,"name":63,"tactic":291},{"name":36},{"id":66,"name":67,"tactic":293},{"name":36},{"id":70,"name":71,"tactic":295},{"name":73},{"id":75,"name":76,"tactic":297},{"name":73},{"id":299,"name":300,"techniques":301},"CAPEC-490","Amplification",[302],{"id":303,"name":304,"tactics":305,"countermeasures":307},"T1498.002","Reflection Amplification",[306],{"id":29,"name":30},[308,310,312,314,316,318,320,322,324,326,328],{"id":33,"name":34,"tactic":309},{"name":36},{"id":38,"name":39,"tactic":311},{"name":36},{"id":42,"name":43,"tactic":313},{"name":36},{"id":46,"name":47,"tactic":315},{"name":36},{"id":50,"name":51,"tactic":317},{"name":36},{"id":54,"name":55,"tactic":319},{"name":36},{"id":58,"name":59,"tactic":321},{"name":36},{"id":62,"name":63,"tactic":323},{"name":36},{"id":66,"name":67,"tactic":325},{"name":36},{"id":70,"name":71,"tactic":327},{"name":73},{"id":75,"name":76,"tactic":329},{"name":73},{"id":331,"name":332,"techniques":333},"CAPEC-491","Quadratic Data Expansion",[],{"id":335,"name":336,"techniques":337},"CAPEC-493","SOAP Array Blowup",[],{"id":339,"name":340,"techniques":341},"CAPEC-494","TCP Fragmentation",[],{"id":343,"name":344,"techniques":345},"CAPEC-495","UDP Fragmentation",[],{"id":347,"name":348,"techniques":349},"CAPEC-496","ICMP Fragmentation",[],{"id":351,"name":352,"techniques":353},"CAPEC-528","XML Flood",[354,380],{"id":141,"name":142,"tactics":355,"countermeasures":357},[356],{"id":29,"name":30},[358,360,362,364,366,368,370,372,374,376,378],{"id":33,"name":34,"tactic":359},{"name":36},{"id":38,"name":39,"tactic":361},{"name":36},{"id":42,"name":43,"tactic":363},{"name":36},{"id":46,"name":47,"tactic":365},{"name":36},{"id":50,"name":51,"tactic":367},{"name":36},{"id":54,"name":55,"tactic":369},{"name":36},{"id":58,"name":59,"tactic":371},{"name":36},{"id":62,"name":63,"tactic":373},{"name":36},{"id":66,"name":67,"tactic":375},{"name":36},{"id":70,"name":71,"tactic":377},{"name":73},{"id":75,"name":76,"tactic":379},{"name":73},{"id":25,"name":26,"tactics":381,"countermeasures":383},[382],{"id":29,"name":30},[384,386,388,390,392,394,396,398,400,402,404],{"id":33,"name":34,"tactic":385},{"name":36},{"id":38,"name":39,"tactic":387},{"name":36},{"id":42,"name":43,"tactic":389},{"name":36},{"id":46,"name":47,"tactic":391},{"name":36},{"id":50,"name":51,"tactic":393},{"name":36},{"id":54,"name":55,"tactic":395},{"name":36},{"id":58,"name":59,"tactic":397},{"name":36},{"id":62,"name":63,"tactic":399},{"name":36},{"id":66,"name":67,"tactic":401},{"name":36},{"id":70,"name":71,"tactic":403},{"name":73},{"id":75,"name":76,"tactic":405},{"name":73},[],[408,409],"GO-2026-4986","BIT-golang-2026-39820",[],[412,414,416,418],{"_key":413},"OPENSUSE-SU-2026:10723-1",{"_key":415},"OPENSUSE-SU-2026:10741-1",{"_key":417},"DEBIAN-CVE-2026-39820",{"_key":419},"UBUNTU-CVE-2026-39820",[],[422,423,424],{"_key":413},{"_key":415},{"_key":425},"CGA-H3RH-HG4Q-4X4P","2026-05-07T19:41:19.854Z","2026-05-08T14:27:54.923Z","Analyzed",{"cisa_kev":430,"cisa_ransomware":430,"cisa_vendor":9,"epss_severity":431,"epss_score":432,"severity":433,"severity_score":434,"severity_version":435,"severity_source":436,"severity_vector":437,"severity_status":428},false,"low",0.00054,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[439,447,453,459],{"url":440,"sources":441,"tags":444},"https://go.dev/issue/78566",[436,442,443],"nvd","osv_go",[445,446],"REPORT","Issue Tracking",{"url":448,"sources":449,"tags":450},"https://go.dev/cl/759940",[436,442,443],[451,452],"FIX","Patch",{"url":454,"sources":455,"tags":456},"https://groups.google.com/g/golang-announce/c/qcCIEXso47M",[436,442,443],[457,446,458],"WEB","Mailing List",{"url":460,"sources":461,"tags":462},"https://pkg.go.dev/vuln/GO-2026-4986",[436,442],[463],"Vendor Advisory",[],{"date":466,"score":432,"percentile":467},"2026-06-05",0.17157,[469,473,477,480,483,486,490,493,496,499,502,505,508,511,514,517,520,523,526,529,532,535,538,541,544,547,550,553,556],{"date":470,"score":471,"percentile":472},"2026-05-08",0.00018,0.04677,{"date":474,"score":475,"percentile":476},"2026-05-09",0.00042,0.12593,{"date":478,"score":475,"percentile":479},"2026-05-10",0.12597,{"date":481,"score":475,"percentile":482},"2026-05-11",0.1259,{"date":484,"score":475,"percentile":485},"2026-05-12",0.12617,{"date":487,"score":488,"percentile":489},"2026-05-13",0.00055,0.17079,{"date":491,"score":432,"percentile":492},"2026-05-14",0.1682,{"date":494,"score":432,"percentile":495},"2026-05-15",0.16819,{"date":497,"score":432,"percentile":498},"2026-05-16",0.1683,{"date":500,"score":432,"percentile":501},"2026-05-17",0.1681,{"date":503,"score":432,"percentile":504},"2026-05-18",0.1676,{"date":506,"score":432,"percentile":507},"2026-05-19",0.16734,{"date":509,"score":432,"percentile":510},"2026-05-20",0.16748,{"date":512,"score":432,"percentile":513},"2026-05-21",0.16736,{"date":515,"score":432,"percentile":516},"2026-05-22",0.16887,{"date":518,"score":432,"percentile":519},"2026-05-23",0.16868,{"date":521,"score":432,"percentile":522},"2026-05-24",0.16834,{"date":524,"score":432,"percentile":525},"2026-05-25",0.16814,{"date":527,"score":432,"percentile":528},"2026-05-26",0.16808,{"date":530,"score":432,"percentile":531},"2026-05-27",0.16905,{"date":533,"score":432,"percentile":534},"2026-05-28",0.17039,{"date":536,"score":432,"percentile":537},"2026-05-29",0.17108,{"date":539,"score":432,"percentile":540},"2026-05-30",0.17099,{"date":542,"score":432,"percentile":543},"2026-05-31",0.17089,{"date":545,"score":432,"percentile":546},"2026-06-01",0.1707,{"date":548,"score":432,"percentile":549},"2026-06-02",0.17071,{"date":551,"score":432,"percentile":552},"2026-06-03",0.17064,{"date":554,"score":432,"percentile":555},"2026-06-04",0.1708,{"date":466,"score":432,"percentile":467},[558,563],{"source":436,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":559,"cvss_v4_0":9},{"baseScore":434,"baseSeverity":560,"vectorString":437,"impactScore":561,"exploitabilityScore":562},"HIGH",6,10,{"source":442,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":564,"cvss_v4_0":9},{"baseScore":434,"baseSeverity":560,"vectorString":437,"impactScore":561,"exploitabilityScore":562},[566,581,591],{"ecosystem":9,"name":567,"vendor":568,"product":567,"cpe_part":569,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":570},"net/mail","go standard library","a",[571,576],{"version":572,"is_range":573,"range_type":436,"version_start":9,"version_start_type":9,"version_end":574,"version_end_type":575,"fixed_in":9},"\u003C 1.25.10",true,"1.25.10","excluding",{"version":577,"is_range":573,"range_type":436,"version_start":578,"version_start_type":579,"version_end":580,"version_end_type":575,"fixed_in":9},">= 1.26.0-0, \u003C 1.26.3","1.26.0-0","including","1.26.3",{"ecosystem":9,"name":582,"vendor":583,"product":582,"cpe_part":569,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":584},"go","golang",[585,588],{"version":586,"is_range":573,"range_type":587,"version_start":9,"version_start_type":9,"version_end":574,"version_end_type":575,"fixed_in":9},"lt1.25.10","cpe",{"version":589,"is_range":573,"range_type":587,"version_start":590,"version_start_type":579,"version_end":580,"version_end_type":575,"fixed_in":9},"gte1.26.0_lt1.26.3","1.26.0",{"ecosystem":592,"name":593,"vendor":592,"product":593,"cpe_part":9,"purl_type":583,"purl_namespace":9,"purl_name":593,"source":9,"versions":594},"Go","stdlib",[595],{"version":596,"is_range":573,"range_type":597,"version_start":578,"version_start_type":579,"version_end":580,"version_end_type":575,"fixed_in":9},"gte1_26_0_0_lt1_26_3","semver"]