Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1253?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1253?format=api", "purl": "pkg:mozilla/SeaMonkey@2.33.1", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "2.33.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.35.0", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3019?format=api", "vulnerability_id": "VCID-ggsp-g32j-7fdv", "summary": "Security researcher Mariusz Mlynski reported, through HP\nZero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a\nprivileged context. This bypassed the same-origin policy protections by using a\nflaw in the processing of SVG format content navigation.\nAn incomplete version of this fix was shipped in Firefox 36.0.3\nand Firefox ESR 31.5.2.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818", "reference_id": "CVE-2015-0818", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28", "reference_id": "mfsa2015-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1253?format=api", "purl": "pkg:mozilla/SeaMonkey@2.33.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.33.1" } ], "aliases": [ "CVE-2015-0818" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggsp-g32j-7fdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3047?format=api", "vulnerability_id": "VCID-q89v-v5au-w7a1", "summary": "Security researcher ilxu1a reported, through HP Zero Day\nInitiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array\nbounds checking in JavaScript just-in-time compilation (JIT) and its management\nof bounds checking for heap access. This flaw can be leveraged into the reading\nand writing of memory allowing for arbitrary code execution on the local system.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817", "reference_id": "CVE-2015-0817", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "reference_id": "mfsa2015-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1253?format=api", "purl": "pkg:mozilla/SeaMonkey@2.33.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.33.1" } ], "aliases": [ "CVE-2015-0817" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q89v-v5au-w7a1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.33.1" }