Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/185039?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/185039?format=api", "purl": "pkg:composer/codeception/codeception@3.0.0", "type": "composer", "namespace": "codeception", "name": "codeception", "version": "3.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.1.3", "latest_non_vulnerable_version": "4.1.22", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41298?format=api", "vulnerability_id": "VCID-b2nm-8dre-37h5", "summary": "Deserialization of Untrusted Data\nThe RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23420", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00579", "scoring_system": "epss", "scoring_elements": "0.69256", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23420" }, { "reference_url": "https://github.com/advisories/GHSA-4574-qv3w-fcmg", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4574-qv3w-fcmg" }, { "reference_url": "https://github.com/Codeception/Codeception", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Codeception/Codeception" }, { "reference_url": "https://github.com/Codeception/Codeception/blob/4.1/CHANGELOG-4.x.md#4122", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Codeception/Codeception/blob/4.1/CHANGELOG-4.x.md#4122" }, { "reference_url": "https://github.com/Codeception/Codeception/blob/4.1/ext/RunProcess.php#L52", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Codeception/Codeception/blob/4.1/ext/RunProcess.php#L52" }, { "reference_url": "https://github.com/Codeception/Codeception/commit/802a108057d250ee563120eaa5365a519afc0a71", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Codeception/Codeception/commit/802a108057d250ee563120eaa5365a519afc0a71" }, { "reference_url": "https://github.com/Codeception/Codeception/commit/cbce9ea7f4664052fa1ac6b36f5b5a6dbd864d71", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Codeception/Codeception/commit/cbce9ea7f4664052fa1ac6b36f5b5a6dbd864d71" }, { "reference_url": "https://github.com/Codeception/Codeception/pull/6241", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Codeception/Codeception/pull/6241" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/codeception/codeception/CVE-2021-23420.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/codeception/codeception/CVE-2021-23420.yaml" }, { "reference_url": "https://github.com/JinYiTong/poc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/JinYiTong/poc" }, { "reference_url": "https://snyk.io/vuln/SNYK-PHP-CODECEPTIONCODECEPTION-1324585", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-PHP-CODECEPTIONCODECEPTION-1324585" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23420", "reference_id": "CVE-2021-23420", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23420" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58651?format=api", "purl": "pkg:composer/codeception/codeception@3.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/codeception/codeception@3.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/58652?format=api", "purl": "pkg:composer/codeception/codeception@4.1.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/codeception/codeception@4.1.22" } ], "aliases": [ "CVE-2021-23420", "GHSA-4574-qv3w-fcmg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b2nm-8dre-37h5" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/codeception/codeception@3.0.0" }