Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1199?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1199?format=api", "purl": "pkg:mozilla/Thunderbird@3.1.8", "type": "mozilla", "namespace": "", "name": "Thunderbird", "version": "3.1.8", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.1.10", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2812?format=api", "vulnerability_id": "VCID-5qnz-z32b-67hs", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053", "reference_id": "CVE-2011-0053", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01", "reference_id": "mfsa2011-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1199?format=api", "purl": "pkg:mozilla/Thunderbird@3.1.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.8" } ], "aliases": [ "CVE-2011-0053" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qnz-z32b-67hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2895?format=api", "vulnerability_id": "VCID-a9m3-2rfb-97cg", "summary": "Security researcher Jordi Chancel reported that a\nJPEG image could be constructed that would be decoded incorrectly,\ncausing data to be written past the end of a buffer created to store\nthe image. An attacker could potentially craft such an image that\nwould cause malicious code to be stored in memory and then later\nexecuted on a victim's computer.Firefox 3.5 was not affected by this issue.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061", "reference_id": "CVE-2011-0061", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0061" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-09", "reference_id": "mfsa2011-09", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1199?format=api", "purl": "pkg:mozilla/Thunderbird@3.1.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.8" } ], "aliases": [ "CVE-2011-0061" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9m3-2rfb-97cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2899?format=api", "vulnerability_id": "VCID-aptj-btqv-2ygb", "summary": "Security researcher Roberto Suggi Liverani\nreported that ParanoidFragmentSink, a class used to\nsanitize potentially unsafe HTML for display,\nallows javascript: URLs and other inline JavaScript when\nthe embedding document is a chrome document. While there are no\nunsafe uses of this class in any released products, extension code\ncould have potentially used it in an unsafe manner.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585", "reference_id": "CVE-2010-1585", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-08", "reference_id": "mfsa2011-08", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1199?format=api", "purl": "pkg:mozilla/Thunderbird@3.1.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.8" } ], "aliases": [ "CVE-2010-1585" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aptj-btqv-2ygb" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.8" }