VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/144263?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/144263?format=api",
    "purl": "pkg:maven/org.apache.hive/hive@2.0.1",
    "type": "maven",
    "namespace": "org.apache.hive",
    "name": "hive",
    "version": "2.0.1",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "3.1.3",
    "latest_non_vulnerable_version": "3.1.3",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40420?format=api",
            "vulnerability_id": "VCID-c6s8-kd2p-b3cn",
            "summary": "Improper Access Control\nIn Apache Hive, local resources on HiveServer2 machines are not properly protected against a malicious user if ranger, sentry or sql standard authorizer is not in use.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11777",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00249",
                            "scoring_system": "epss",
                            "scoring_elements": "0.48428",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00249",
                            "scoring_system": "epss",
                            "scoring_elements": "0.48399",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.00249",
                            "scoring_system": "epss",
                            "scoring_elements": "0.48441",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00249",
                            "scoring_system": "epss",
                            "scoring_elements": "0.48378",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00249",
                            "scoring_system": "epss",
                            "scoring_elements": "0.48447",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11777"
                },
                {
                    "reference_url": "https://github.com/apache/hive/commit/00c0ee7bc4b8492476b377a6edafcc33411f14b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/apache/hive/commit/00c0ee7bc4b8492476b377a6edafcc33411f14b"
                },
                {
                    "reference_url": "https://github.com/apache/hive/commit/1a1d6ca1bc3ae840238dc345fa1eb2c7c28c8cb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/apache/hive/commit/1a1d6ca1bc3ae840238dc345fa1eb2c7c28c8cb"
                },
                {
                    "reference_url": "https://github.com/apache/hive/commit/f0419dfaabe31dd7802c37aeebab101265907e1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/apache/hive/commit/f0419dfaabe31dd7802c37aeebab101265907e1"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/105886",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.securityfocus.com/bid/105886"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11777",
                    "reference_id": "CVE-2018-11777",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11777"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rrfq-g5fq-fc9c",
                    "reference_id": "GHSA-rrfq-g5fq-fc9c",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rrfq-g5fq-fc9c"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56971?format=api",
                    "purl": "pkg:maven/org.apache.hive/hive@2.3.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gcgn-udwx-xqft"
                        },
                        {
                            "vulnerability": "VCID-he9j-yvcw-cuet"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56972?format=api",
                    "purl": "pkg:maven/org.apache.hive/hive@3.1.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gcgn-udwx-xqft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1"
                }
            ],
            "aliases": [
                "CVE-2018-11777",
                "GHSA-rrfq-g5fq-fc9c"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c6s8-kd2p-b3cn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39541?format=api",
            "vulnerability_id": "VCID-cccj-uhyy-hbew",
            "summary": "Information Exposure\nIn Apache Hiveto, malicious user might use any xpath UDFs to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if `hive.serverenable.doAs=false`.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1284.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1284.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1284",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00469",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64908",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.00469",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64878",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00469",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64919",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00469",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6492",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00469",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6493",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1284"
                },
                {
                    "reference_url": "https://github.com/apache/hive/commit/b0a58d245875dc1b3ac58a7cf1a61d3b17805e96",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/apache/hive/commit/b0a58d245875dc1b3ac58a7cf1a61d3b17805e96"
                },
                {
                    "reference_url": "https://github.com/apache/hive/commit/f80a38ae1174553022deae4f8774918401d9756d",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/hive/commit/f80a38ae1174553022deae4f8774918401d9756d"
                },
                {
                    "reference_url": "https://issues.apache.org/jira/browse/HIVE-18879",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://issues.apache.org/jira/browse/HIVE-18879"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/103750",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.securityfocus.com/bid/103750"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564357",
                    "reference_id": "1564357",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564357"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1284",
                    "reference_id": "CVE-2018-1284",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1284"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-rxmr-c9jm-7mm8",
                    "reference_id": "GHSA-rxmr-c9jm-7mm8",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-rxmr-c9jm-7mm8"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/55325?format=api",
                    "purl": "pkg:maven/org.apache.hive/hive@2.3.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-c6s8-kd2p-b3cn"
                        },
                        {
                            "vulnerability": "VCID-gcgn-udwx-xqft"
                        },
                        {
                            "vulnerability": "VCID-he9j-yvcw-cuet"
                        },
                        {
                            "vulnerability": "VCID-kp77-nwjw-rfgy"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.3"
                }
            ],
            "aliases": [
                "CVE-2018-1284",
                "GHSA-rxmr-c9jm-7mm8"
            ],
            "risk_score": 3.0,
            "exploitability": "0.5",
            "weighted_severity": "5.9",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cccj-uhyy-hbew"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110405?format=api",
            "vulnerability_id": "VCID-gcgn-udwx-xqft",
            "summary": "Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization.\nApache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34538",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00451",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64056",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.00451",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64028",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00451",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6407",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00451",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64079",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00451",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64068",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34538"
                },
                {
                    "reference_url": "https://github.com/apache/hive",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/apache/hive"
                },
                {
                    "reference_url": "https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34538",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34538"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-v3p8-j597-3xg8",
                    "reference_id": "GHSA-v3p8-j597-3xg8",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-v3p8-j597-3xg8"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/149043?format=api",
                    "purl": "pkg:maven/org.apache.hive/hive@3.1.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.3"
                }
            ],
            "aliases": [
                "CVE-2021-34538",
                "GHSA-v3p8-j597-3xg8"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcgn-udwx-xqft"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54195?format=api",
            "vulnerability_id": "VCID-he9j-yvcw-cuet",
            "summary": "Information Exposure\nApache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1926",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00478",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65394",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.00478",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65352",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00478",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65404",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00478",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65414",
                            "published_at": "2026-06-06T12:55:00Z"
                        },
                        {
                            "value": "0.00478",
                            "scoring_system": "epss",
                            "scoring_elements": "0.65403",
                            "published_at": "2026-06-07T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1926"
                },
                {
                    "reference_url": "https://issues.apache.org/jira/browse/HIVE-22708",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://issues.apache.org/jira/browse/HIVE-22708"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1926",
                    "reference_id": "CVE-2020-1926",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1926"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-54g4-5cf6-hjp3",
                    "reference_id": "GHSA-54g4-5cf6-hjp3",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-54g4-5cf6-hjp3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/79992?format=api",
                    "purl": "pkg:maven/org.apache.hive/hive@2.3.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gcgn-udwx-xqft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.8"
                }
            ],
            "aliases": [
                "CVE-2020-1926",
                "GHSA-54g4-5cf6-hjp3"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-he9j-yvcw-cuet"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40419?format=api",
            "vulnerability_id": "VCID-kp77-nwjw-rfgy",
            "summary": "Missing Authorization\nThe Hive `EXPLAIN` operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do `EXPLAIN` on arbitrary table or view and expose table metadata and statistics.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1314",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00374",
                            "scoring_system": "epss",
                            "scoring_elements": "0.59437",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00374",
                            "scoring_system": "epss",
                            "scoring_elements": "0.59418",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.00374",
                            "scoring_system": "epss",
                            "scoring_elements": "0.59443",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00374",
                            "scoring_system": "epss",
                            "scoring_elements": "0.59392",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00374",
                            "scoring_system": "epss",
                            "scoring_elements": "0.59446",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1314"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/105884",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.securityfocus.com/bid/105884"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1314",
                    "reference_id": "CVE-2018-1314",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1314"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-jmf4-pq78-f8vj",
                    "reference_id": "GHSA-jmf4-pq78-f8vj",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-jmf4-pq78-f8vj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56971?format=api",
                    "purl": "pkg:maven/org.apache.hive/hive@2.3.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gcgn-udwx-xqft"
                        },
                        {
                            "vulnerability": "VCID-he9j-yvcw-cuet"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.3.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/56972?format=api",
                    "purl": "pkg:maven/org.apache.hive/hive@3.1.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-gcgn-udwx-xqft"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@3.1.1"
                }
            ],
            "aliases": [
                "CVE-2018-1314",
                "GHSA-jmf4-pq78-f8vj"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kp77-nwjw-rfgy"
        }
    ],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38637?format=api",
            "vulnerability_id": "VCID-me8z-qek2-wfgn",
            "summary": "Improper Certificate Validation\nApache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive does not seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server `abc.com`, and the server responds with a valid certificate (certified by CA) but issued to `xyz.com`, the client will accept that as a valid certificate and the SSL handshake will go through.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3083",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00206",
                            "scoring_system": "epss",
                            "scoring_elements": "0.42936",
                            "published_at": "2026-06-07T12:55:00Z"
                        },
                        {
                            "value": "0.00206",
                            "scoring_system": "epss",
                            "scoring_elements": "0.429",
                            "published_at": "2026-06-08T12:55:00Z"
                        },
                        {
                            "value": "0.00206",
                            "scoring_system": "epss",
                            "scoring_elements": "0.42948",
                            "published_at": "2026-06-05T12:55:00Z"
                        },
                        {
                            "value": "0.00206",
                            "scoring_system": "epss",
                            "scoring_elements": "0.42874",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00206",
                            "scoring_system": "epss",
                            "scoring_elements": "0.42959",
                            "published_at": "2026-06-06T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3083"
                },
                {
                    "reference_url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E"
                },
                {
                    "reference_url": "http://www.securityfocus.com/bid/98669",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.securityfocus.com/bid/98669"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3083",
                    "reference_id": "CVE-2016-3083",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3083"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-gf2v-9hp6-44qg",
                    "reference_id": "GHSA-gf2v-9hp6-44qg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-gf2v-9hp6-44qg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/53648?format=api",
                    "purl": "pkg:maven/org.apache.hive/hive@1.2.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-c6s8-kd2p-b3cn"
                        },
                        {
                            "vulnerability": "VCID-cccj-uhyy-hbew"
                        },
                        {
                            "vulnerability": "VCID-gcgn-udwx-xqft"
                        },
                        {
                            "vulnerability": "VCID-he9j-yvcw-cuet"
                        },
                        {
                            "vulnerability": "VCID-kp77-nwjw-rfgy"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@1.2.2"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/144263?format=api",
                    "purl": "pkg:maven/org.apache.hive/hive@2.0.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-c6s8-kd2p-b3cn"
                        },
                        {
                            "vulnerability": "VCID-cccj-uhyy-hbew"
                        },
                        {
                            "vulnerability": "VCID-gcgn-udwx-xqft"
                        },
                        {
                            "vulnerability": "VCID-he9j-yvcw-cuet"
                        },
                        {
                            "vulnerability": "VCID-kp77-nwjw-rfgy"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.0.1"
                }
            ],
            "aliases": [
                "CVE-2016-3083",
                "GHSA-gf2v-9hp6-44qg"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-me8z-qek2-wfgn"
        }
    ],
    "risk_score": "4.0",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.hive/hive@2.0.1"
}

Package Instance