Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/136091?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/136091?format=api", "purl": "pkg:deb/debian/xen@4.8.1-1%2Bdeb9u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "xen", "version": "4.8.1-1+deb9u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.8.1-1+deb9u3", "latest_non_vulnerable_version": "4.20.2+7-g1badcf5035-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106341?format=api", "vulnerability_id": "VCID-4xnd-n39k-2bhg", "summary": "Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8903.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8903.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00366", "scoring_system": "epss", "scoring_elements": "0.58836", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443222", "reference_id": "1443222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443222" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861659", "reference_id": "861659", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861659" }, { "reference_url": "https://security.gentoo.org/glsa/201705-11", "reference_id": "GLSA-201705-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-11" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-213.html", "reference_id": "XSA-213", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-213.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/136091?format=api", "purl": "pkg:deb/debian/xen@4.8.1-1%2Bdeb9u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.8.1-1%252Bdeb9u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135902?format=api", "purl": "pkg:deb/debian/xen@4.14.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27xc-hy1s-n7bf" }, { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-2wu6-2tup-2ub2" }, { "vulnerability": "VCID-339r-nmjn-gfa2" }, { "vulnerability": "VCID-3nb3-3wud-jfhv" }, { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-6uvb-67h4-1fgy" }, { "vulnerability": "VCID-7yrz-z3a2-vkgg" }, { "vulnerability": "VCID-8gj8-dga7-gkht" }, { "vulnerability": "VCID-8r4d-1tcs-13gd" }, { "vulnerability": "VCID-9g21-rc3r-5uer" }, { "vulnerability": "VCID-c58r-gesb-f7hq" }, { "vulnerability": "VCID-cgzn-pdre-1bec" }, { "vulnerability": "VCID-cvj7-478z-x3b1" }, { "vulnerability": "VCID-dke6-vwb6-fuf4" }, { "vulnerability": "VCID-dwq4-9tk2-8yfp" }, { "vulnerability": "VCID-f7v4-85sw-1keq" }, { "vulnerability": "VCID-fwx8-9f5e-v7hw" }, { "vulnerability": "VCID-jcpf-68kx-67fr" }, { "vulnerability": "VCID-jm1q-fxpu-qbg3" }, { "vulnerability": "VCID-k3xq-ruut-3yhw" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" }, { "vulnerability": "VCID-k6gh-hx5m-wba2" }, { "vulnerability": "VCID-kcwp-bu7h-6kds" }, { "vulnerability": "VCID-kpyj-6qpe-pbep" }, { "vulnerability": "VCID-ma7k-xrxw-vubd" }, { "vulnerability": "VCID-ma9d-b2uy-jkft" }, { "vulnerability": "VCID-mvnt-qc9z-jygu" }, { "vulnerability": "VCID-navq-t6wp-xqaf" }, { "vulnerability": "VCID-rm4s-2uwv-tkac" }, { "vulnerability": "VCID-rw5e-3s13-hycn" }, { "vulnerability": "VCID-su6k-nv2m-yqac" }, { "vulnerability": "VCID-swjx-x5hb-n3c2" }, { "vulnerability": "VCID-sx9z-gbkd-8fgv" }, { "vulnerability": "VCID-t5nz-98gp-7fa1" }, { "vulnerability": "VCID-t63z-5wwn-1bh9" }, { "vulnerability": "VCID-t9tt-yd4b-r3cy" }, { "vulnerability": "VCID-u4yc-hhne-2kaz" }, { "vulnerability": "VCID-vj8v-zms6-gug9" }, { "vulnerability": "VCID-vkt6-fjzc-4uay" }, { "vulnerability": "VCID-w8sx-m2vx-1ucv" }, { "vulnerability": "VCID-wuca-6w96-kfdp" }, { "vulnerability": "VCID-x9md-fcrv-y7d8" }, { "vulnerability": "VCID-xa2b-k4ye-e7d3" }, { "vulnerability": "VCID-yqrw-w2g9-2kf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.14.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135900?format=api", "purl": "pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135904?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135903?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-8903" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4xnd-n39k-2bhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106342?format=api", "vulnerability_id": "VCID-utm1-3457-cugt", "summary": "Xen through 4.8.x mishandles the \"contains segment descriptors\" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24981", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7228" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8905", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8905" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443223", "reference_id": "1443223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443223" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861660", "reference_id": "861660", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861660" }, { "reference_url": "https://security.gentoo.org/glsa/201705-11", "reference_id": "GLSA-201705-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201705-11" }, { "reference_url": "https://xenbits.xen.org/xsa/advisory-214.html", "reference_id": "XSA-214", "reference_type": "", "scores": [], "url": "https://xenbits.xen.org/xsa/advisory-214.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/136091?format=api", "purl": "pkg:deb/debian/xen@4.8.1-1%2Bdeb9u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.8.1-1%252Bdeb9u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135902?format=api", "purl": "pkg:deb/debian/xen@4.14.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27xc-hy1s-n7bf" }, { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-2wu6-2tup-2ub2" }, { "vulnerability": "VCID-339r-nmjn-gfa2" }, { "vulnerability": "VCID-3nb3-3wud-jfhv" }, { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-6uvb-67h4-1fgy" }, { "vulnerability": "VCID-7yrz-z3a2-vkgg" }, { "vulnerability": "VCID-8gj8-dga7-gkht" }, { "vulnerability": "VCID-8r4d-1tcs-13gd" }, { "vulnerability": "VCID-9g21-rc3r-5uer" }, { "vulnerability": "VCID-c58r-gesb-f7hq" }, { "vulnerability": "VCID-cgzn-pdre-1bec" }, { "vulnerability": "VCID-cvj7-478z-x3b1" }, { "vulnerability": "VCID-dke6-vwb6-fuf4" }, { "vulnerability": "VCID-dwq4-9tk2-8yfp" }, { "vulnerability": "VCID-f7v4-85sw-1keq" }, { "vulnerability": "VCID-fwx8-9f5e-v7hw" }, { "vulnerability": "VCID-jcpf-68kx-67fr" }, { "vulnerability": "VCID-jm1q-fxpu-qbg3" }, { "vulnerability": "VCID-k3xq-ruut-3yhw" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" }, { "vulnerability": "VCID-k6gh-hx5m-wba2" }, { "vulnerability": "VCID-kcwp-bu7h-6kds" }, { "vulnerability": "VCID-kpyj-6qpe-pbep" }, { "vulnerability": "VCID-ma7k-xrxw-vubd" }, { "vulnerability": "VCID-ma9d-b2uy-jkft" }, { "vulnerability": "VCID-mvnt-qc9z-jygu" }, { "vulnerability": "VCID-navq-t6wp-xqaf" }, { "vulnerability": "VCID-rm4s-2uwv-tkac" }, { "vulnerability": "VCID-rw5e-3s13-hycn" }, { "vulnerability": "VCID-su6k-nv2m-yqac" }, { "vulnerability": "VCID-swjx-x5hb-n3c2" }, { "vulnerability": "VCID-sx9z-gbkd-8fgv" }, { "vulnerability": "VCID-t5nz-98gp-7fa1" }, { "vulnerability": "VCID-t63z-5wwn-1bh9" }, { "vulnerability": "VCID-t9tt-yd4b-r3cy" }, { "vulnerability": "VCID-u4yc-hhne-2kaz" }, { "vulnerability": "VCID-vj8v-zms6-gug9" }, { "vulnerability": "VCID-vkt6-fjzc-4uay" }, { "vulnerability": "VCID-w8sx-m2vx-1ucv" }, { "vulnerability": "VCID-wuca-6w96-kfdp" }, { "vulnerability": "VCID-x9md-fcrv-y7d8" }, { "vulnerability": "VCID-xa2b-k4ye-e7d3" }, { "vulnerability": "VCID-yqrw-w2g9-2kf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.14.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135900?format=api", "purl": "pkg:deb/debian/xen@4.17.5%2B72-g01140da4e8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qbn-f381-abhx" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" }, { "vulnerability": "VCID-k5qj-xcvq-5ke1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.17.5%252B72-g01140da4e8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135904?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-0%2Bdeb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-0%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/135903?format=api", "purl": "pkg:deb/debian/xen@4.20.2%2B37-g61ff35323e-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qmr-dc83-fqb1" }, { "vulnerability": "VCID-67uu-vpqg-gbc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.20.2%252B37-g61ff35323e-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-8904" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utm1-3457-cugt" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xen@4.8.1-1%252Bdeb9u1%3Fdistro=trixie" }