Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/19882?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/19882?format=api", "purl": "pkg:pypi/pyqlib@0.6.2", "type": "pypi", "namespace": "", "name": "pyqlib", "version": "0.6.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.6.3", "latest_non_vulnerable_version": "0.6.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35722?format=api", "vulnerability_id": "VCID-mhxk-2gdh-u3hb", "summary": "This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.", "references": [ { "reference_url": "https://github.com/418sec/huntr/pull/1329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/418sec/huntr/pull/1329" }, { "reference_url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19883?format=api", "purl": "pkg:pypi/pyqlib@0.6.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyqlib@0.6.3" } ], "aliases": [ "CVE-2021-23338", "PYSEC-2021-86", "SNYK-PYTHON-QLIB-1054635" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhxk-2gdh-u3hb" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyqlib@0.6.2" }