Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/195441?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/195441?format=api", "purl": "pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1", "type": "deb", "namespace": "debian", "name": "zabbix", "version": "1:6.0.14+dfsg-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:7.0.9+dfsg-1~bpo12+1", "latest_non_vulnerable_version": "1:7.0.9+dfsg-1~bpo12+1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107097?format=api", "vulnerability_id": "VCID-3azv-fsyx-n3fz", "summary": "Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195442?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29458" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3azv-fsyx-n3fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107120?format=api", "vulnerability_id": "VCID-jkcz-zpks-ubgz", "summary": "The implementation of atob in \"Zabbix JS\" allows to create a string with arbitrary content and use it to access internal properties of objects.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195442?format=api", "purl": 
"pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36463" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jkcz-zpks-ubgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107104?format=api", "vulnerability_id": "VCID-m5us-tmqh-wkbm", "summary": "The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195442?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-32725" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5us-tmqh-wkbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107123?format=api", "vulnerability_id": "VCID-pr1g-m4k2-1ue1", "summary": "A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195442?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-36466" ], "risk_score": null, 
"exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1g-m4k2-1ue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107140?format=api", "vulnerability_id": "VCID-tbsd-gk6n-9ygc", "summary": "Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448", "reference_id": "1117448", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195442?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2025-27233" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tbsd-gk6n-9ygc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107093?format=api", "vulnerability_id": "VCID-xwr8-85au-ukd7", "summary": "Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175", "reference_id": "1055175", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/195442?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2023-29454" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwr8-85au-ukd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/107111?format=api", "vulnerability_id": "VCID-ytep-z8dn-vfh7", "summary": "When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/195442?format=api", "purl": "pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1" } ], "aliases": [ "CVE-2024-22117" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ytep-z8dn-vfh7" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1" }