Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/176271?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/176271?format=api", "purl": "pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6?arch=el6", "type": "rpm", "namespace": "redhat", "name": "picketlink-federation", "version": "2.1.9-5.SP3_redhat_2.1.ep6", "qualifiers": { "arch": "el6" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37728?format=api", "vulnerability_id": "VCID-cdqt-rqpk-27cm", "summary": "Information Exposure\nThe `org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory` method in PicketLink expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0883.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0883.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0884.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0884.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0885.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0885.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0886.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0886.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0091.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0091.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3530.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02131", "scoring_system": "epss", "scoring_elements": "0.8449", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3530" }, { "reference_url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1112987", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1112987" }, { "reference_url": "http://secunia.com/advisories/60047", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/60047" }, { "reference_url": "http://secunia.com/advisories/60124", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/60124" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94700", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94700" }, { "reference_url": "https://github.com/picketlink/picketlink", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/picketlink/picketlink" }, { "reference_url": "https://github.com/picketlink/picketlink/commit/8c78668e4f08cf3c4ed14d8a36d402dcf02cb057", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/picketlink/picketlink/commit/8c78668e4f08cf3c4ed14d8a36d402dcf02cb057" }, { "reference_url": "https://issues.jboss.org/browse/PLINK-509", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/PLINK-509" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3530" }, { "reference_url": "http://www.securitytracker.com/id/1030607", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1030607" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112987", "reference_id": "1112987", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112987" }, { "reference_url": "https://bugzilla.redhat.com/CVE-2014-3530", "reference_id": "CVE-2014-3530", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/CVE-2014-3530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0883", "reference_id": "RHSA-2014:0883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0884", "reference_id": "RHSA-2014:0884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0885", "reference_id": "RHSA-2014:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0886", "reference_id": "RHSA-2014:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0897", "reference_id": "RHSA-2014:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0898", "reference_id": "RHSA-2014:0898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0910", "reference_id": "RHSA-2014:0910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0091", "reference_id": "RHSA-2015:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0234", "reference_id": "RHSA-2015:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0235", "reference_id": "RHSA-2015:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0675", "reference_id": "RHSA-2015:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0720", "reference_id": "RHSA-2015:0720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0765", "reference_id": "RHSA-2015:0765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1009", "reference_id": "RHSA-2015:1009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1888", "reference_id": "RHSA-2015:1888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1888" } ], "fixed_packages": [], "aliases": [ "CVE-2014-3530", "GHSA-2c9q-qwrc-f486" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdqt-rqpk-27cm" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6%3Farch=el6" }