Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1053111?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1053111?format=api", "purl": "pkg:deb/debian/pound@3.0-2", "type": "deb", "namespace": "debian", "name": "pound", "version": "3.0-2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92850?format=api", "vulnerability_id": "VCID-9pjk-kxgp-h7hc", "summary": "Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10711", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.76888", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.76895", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.76926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.76908", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.76941", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.76952", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.7698", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.76959", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.76954", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.76995", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.76998", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.7699", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.77024", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00997", "scoring_system": "epss", "scoring_elements": "0.77031", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10711" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10711", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10711" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888786", "reference_id": "888786", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888786" }, { "reference_url": "https://usn.ubuntu.com/4702-1/", "reference_id": "USN-4702-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4702-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053111?format=api", "purl": "pkg:deb/debian/pound@3.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pound@3.0-2" } ], "aliases": [ "CVE-2016-10711" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9pjk-kxgp-h7hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93710?format=api", "vulnerability_id": "VCID-drv6-nz1y-ffdr", "summary": "Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-21245", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.5204", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52087", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52115", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52132", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52129", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.5218", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52163", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52148", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52188", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52192", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52174", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52121", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52128", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-21245" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21245", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21245" }, { "reference_url": "https://usn.ubuntu.com/4702-1/", "reference_id": "USN-4702-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4702-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053111?format=api", "purl": "pkg:deb/debian/pound@3.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pound@3.0-2" } ], "aliases": [ "CVE-2018-21245" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drv6-nz1y-ffdr" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pound@3.0-2" }