Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/176997?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/176997?format=api", "purl": "pkg:rpm/redhat/openssl@0.9.8e-12.el5_6?arch=12", "type": "rpm", "namespace": "redhat", "name": "openssl", "version": "0.9.8e-12.el5_6", "qualifiers": { "arch": "12" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97093?format=api", "vulnerability_id": "VCID-kpyv-ydcz-1qev", "summary": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0224.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89694", "scoring_system": "epss", "scoring_elements": "0.99584", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.89694", "scoring_system": "epss", "scoring_elements": "0.99585", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.89694", "scoring_system": "epss", "scoring_elements": "0.99586", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586", "reference_id": "1103586", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750665", "reference_id": "750665", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750665" }, { "reference_url": "https://security.gentoo.org/glsa/201407-05", "reference_id": "GLSA-201407-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201407-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0624", "reference_id": "RHSA-2014:0624", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0624" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0625", "reference_id": "RHSA-2014:0625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0626", "reference_id": "RHSA-2014:0626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0627", "reference_id": "RHSA-2014:0627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0628", "reference_id": "RHSA-2014:0628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0629", "reference_id": "RHSA-2014:0629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0630", "reference_id": "RHSA-2014:0630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0631", "reference_id": "RHSA-2014:0631", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0631" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0632", "reference_id": "RHSA-2014:0632", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0632" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0633", "reference_id": "RHSA-2014:0633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0679", "reference_id": "RHSA-2014:0679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0680", "reference_id": "RHSA-2014:0680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0680" }, { "reference_url": "https://usn.ubuntu.com/2232-1/", "reference_id": "USN-2232-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2232-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2014-0224" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kpyv-ydcz-1qev" } ], "fixing_vulnerabilities": [], "risk_score": "1.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl@0.9.8e-12.el5_6%3Farch=12" }