Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1016564?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1016564?format=api", "purl": "pkg:apk/alpine/ffmpeg@6.1-r0?arch=aarch64&distroversion=v3.20&reponame=community", "type": "apk", "namespace": "alpine", "name": "ffmpeg", "version": "6.1-r0", "qualifiers": { "arch": "aarch64", "distroversion": "v3.20", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266561?format=api", "vulnerability_id": "VCID-cx7q-2vku-k7bx", "summary": "Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47470", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78254", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.782", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78196", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78228", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78226", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78221", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78218", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01358", "scoring_system": "epss", "scoring_elements": "0.80102", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01486", "scoring_system": "epss", "scoring_elements": "0.80999", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01486", "scoring_system": "epss", "scoring_elements": "0.80997", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01486", "scoring_system": "epss", "scoring_elements": "0.81026", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01486", "scoring_system": "epss", "scoring_elements": "0.81032", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47470" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1016564?format=api", "purl": "pkg:apk/alpine/ffmpeg@6.1-r0?arch=aarch64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@6.1-r0%3Farch=aarch64&distroversion=v3.20&reponame=community" } ], "aliases": [ "CVE-2023-47470" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cx7q-2vku-k7bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266551?format=api", "vulnerability_id": "VCID-vp1x-2g5t-6qca", "summary": "FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0334", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03352", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03361", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03366", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03386", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07455", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07442", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07431", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07358", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07345", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07472", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07432", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1016564?format=api", "purl": "pkg:apk/alpine/ffmpeg@6.1-r0?arch=aarch64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@6.1-r0%3Farch=aarch64&distroversion=v3.20&reponame=community" } ], "aliases": [ "CVE-2023-46407" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vp1x-2g5t-6qca" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ffmpeg@6.1-r0%3Farch=aarch64&distroversion=v3.20&reponame=community" }