VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/20008?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/20008?format=api",
    "purl": "pkg:gem/actionpack@2.3.0.alpha0",
    "type": "gem",
    "namespace": "",
    "name": "actionpack",
    "version": "2.3.0.alpha0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "7.0.8.7",
    "latest_non_vulnerable_version": "8.1.2.1",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6705?format=api",
            "vulnerability_id": "VCID-kr1b-uct1-7kf6",
            "summary": "Response Splitting Vulnerability in Ruby on Rails\nA response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types.",
            "references": [
                {
                    "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain"
                },
                {
                    "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3186",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74353",
                            "published_at": "2026-04-29T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74228",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74232",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74259",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74265",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.7428",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74301",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74282",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74274",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74311",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.7432",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74312",
                            "published_at": "2026-04-21T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74345",
                            "published_at": "2026-04-24T12:55:00Z"
                        },
                        {
                            "value": "0.00814",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74354",
                            "published_at": "2026-04-26T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3186"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=732156",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732156"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186"
                },
                {
                    "reference_url": "https://github.com/rails/rails",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/rails/rails"
                },
                {
                    "reference_url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9"
                },
                {
                    "reference_url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1"
                },
                {
                    "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml"
                },
                {
                    "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml"
                },
                {
                    "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3186",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3186"
                },
                {
                    "reference_url": "https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921"
                },
                {
                    "reference_url": "http://www.debian.org/security/2011/dsa-2301",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.debian.org/security/2011/dsa-2301"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14"
                },
                {
                    "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-fcqf-h4h4-695m",
                    "reference_id": "GHSA-fcqf-h4h4-695m",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-fcqf-h4h4-695m"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/201412-28",
                    "reference_id": "GLSA-201412-28",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/201412-28"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/20009?format=api",
                    "purl": "pkg:gem/actionpack@2.3.13",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.13"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/131366?format=api",
                    "purl": "pkg:gem/actionpack@2.3.14",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1rgy-k7a9-m7au"
                        },
                        {
                            "vulnerability": "VCID-1xgz-hwng-n3eq"
                        },
                        {
                            "vulnerability": "VCID-333w-aacz-mfcr"
                        },
                        {
                            "vulnerability": "VCID-3wtf-uu89-2qe5"
                        },
                        {
                            "vulnerability": "VCID-3x4p-t3yb-3yak"
                        },
                        {
                            "vulnerability": "VCID-3zdr-vasc-a7cn"
                        },
                        {
                            "vulnerability": "VCID-49pq-vg95-jkh2"
                        },
                        {
                            "vulnerability": "VCID-4epw-vk25-mfdw"
                        },
                        {
                            "vulnerability": "VCID-4he5-y1u4-gkd2"
                        },
                        {
                            "vulnerability": "VCID-5hqj-fxmk-cbcy"
                        },
                        {
                            "vulnerability": "VCID-63gy-6njy-kbd8"
                        },
                        {
                            "vulnerability": "VCID-6j55-bstz-yybj"
                        },
                        {
                            "vulnerability": "VCID-7f5r-9h1g-nuch"
                        },
                        {
                            "vulnerability": "VCID-9hq5-3usy-5fhq"
                        },
                        {
                            "vulnerability": "VCID-a6sp-18av-wya6"
                        },
                        {
                            "vulnerability": "VCID-awt1-8bxs-xffs"
                        },
                        {
                            "vulnerability": "VCID-bjwf-uhyk-63aj"
                        },
                        {
                            "vulnerability": "VCID-c1w4-z275-tqg7"
                        },
                        {
                            "vulnerability": "VCID-carc-ntrd-ebfe"
                        },
                        {
                            "vulnerability": "VCID-cdnw-t8n1-23ep"
                        },
                        {
                            "vulnerability": "VCID-cnqr-6e98-5kgk"
                        },
                        {
                            "vulnerability": "VCID-cwa7-9d2t-rfhb"
                        },
                        {
                            "vulnerability": "VCID-dd9p-x7k3-37ea"
                        },
                        {
                            "vulnerability": "VCID-ehbj-aezy-d7h4"
                        },
                        {
                            "vulnerability": "VCID-g3rk-djae-pkeh"
                        },
                        {
                            "vulnerability": "VCID-h8gs-ansa-9bd9"
                        },
                        {
                            "vulnerability": "VCID-h94p-ywve-y7h9"
                        },
                        {
                            "vulnerability": "VCID-hmp2-rmzv-wkhg"
                        },
                        {
                            "vulnerability": "VCID-hppf-a715-r7b2"
                        },
                        {
                            "vulnerability": "VCID-j24x-nhsb-yug6"
                        },
                        {
                            "vulnerability": "VCID-kcj2-v7av-47cv"
                        },
                        {
                            "vulnerability": "VCID-knsd-pv15-tydx"
                        },
                        {
                            "vulnerability": "VCID-mep3-6sub-ykdk"
                        },
                        {
                            "vulnerability": "VCID-mnkw-23eu-bkgc"
                        },
                        {
                            "vulnerability": "VCID-msda-xqbp-qfdd"
                        },
                        {
                            "vulnerability": "VCID-n8cc-3stk-97b5"
                        },
                        {
                            "vulnerability": "VCID-nf8s-2aaa-17fw"
                        },
                        {
                            "vulnerability": "VCID-p5mc-r1rg-5ff7"
                        },
                        {
                            "vulnerability": "VCID-phxs-zet8-ryh3"
                        },
                        {
                            "vulnerability": "VCID-pmrb-t3bm-zkb6"
                        },
                        {
                            "vulnerability": "VCID-rps2-k24p-9qgq"
                        },
                        {
                            "vulnerability": "VCID-sfyc-jewr-wuf5"
                        },
                        {
                            "vulnerability": "VCID-sgdb-985e-4uej"
                        },
                        {
                            "vulnerability": "VCID-tt6r-bytq-4fa4"
                        },
                        {
                            "vulnerability": "VCID-v3r3-bwp5-a3bn"
                        },
                        {
                            "vulnerability": "VCID-vgm2-8wjy-x7ed"
                        },
                        {
                            "vulnerability": "VCID-wg3a-j2dp-ayh4"
                        },
                        {
                            "vulnerability": "VCID-y8gn-9fat-e7d1"
                        },
                        {
                            "vulnerability": "VCID-ynqu-cjn9-fqf2"
                        },
                        {
                            "vulnerability": "VCID-zkvd-bfd6-t7dg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.14"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/25102?format=api",
                    "purl": "pkg:gem/actionpack@3.0.0.beta",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-1rgy-k7a9-m7au"
                        },
                        {
                            "vulnerability": "VCID-1xgz-hwng-n3eq"
                        },
                        {
                            "vulnerability": "VCID-333w-aacz-mfcr"
                        },
                        {
                            "vulnerability": "VCID-3wtf-uu89-2qe5"
                        },
                        {
                            "vulnerability": "VCID-3x4p-t3yb-3yak"
                        },
                        {
                            "vulnerability": "VCID-3zdr-vasc-a7cn"
                        },
                        {
                            "vulnerability": "VCID-49pq-vg95-jkh2"
                        },
                        {
                            "vulnerability": "VCID-4epw-vk25-mfdw"
                        },
                        {
                            "vulnerability": "VCID-4he5-y1u4-gkd2"
                        },
                        {
                            "vulnerability": "VCID-5hqj-fxmk-cbcy"
                        },
                        {
                            "vulnerability": "VCID-63gy-6njy-kbd8"
                        },
                        {
                            "vulnerability": "VCID-6j55-bstz-yybj"
                        },
                        {
                            "vulnerability": "VCID-7f5r-9h1g-nuch"
                        },
                        {
                            "vulnerability": "VCID-86jq-2md2-d7ah"
                        },
                        {
                            "vulnerability": "VCID-9hq5-3usy-5fhq"
                        },
                        {
                            "vulnerability": "VCID-a6sp-18av-wya6"
                        },
                        {
                            "vulnerability": "VCID-awt1-8bxs-xffs"
                        },
                        {
                            "vulnerability": "VCID-bjwf-uhyk-63aj"
                        },
                        {
                            "vulnerability": "VCID-c1w4-z275-tqg7"
                        },
                        {
                            "vulnerability": "VCID-carc-ntrd-ebfe"
                        },
                        {
                            "vulnerability": "VCID-cdnw-t8n1-23ep"
                        },
                        {
                            "vulnerability": "VCID-cnqr-6e98-5kgk"
                        },
                        {
                            "vulnerability": "VCID-cwa7-9d2t-rfhb"
                        },
                        {
                            "vulnerability": "VCID-dd9p-x7k3-37ea"
                        },
                        {
                            "vulnerability": "VCID-ehbj-aezy-d7h4"
                        },
                        {
                            "vulnerability": "VCID-g3rk-djae-pkeh"
                        },
                        {
                            "vulnerability": "VCID-h8gs-ansa-9bd9"
                        },
                        {
                            "vulnerability": "VCID-h94p-ywve-y7h9"
                        },
                        {
                            "vulnerability": "VCID-hmp2-rmzv-wkhg"
                        },
                        {
                            "vulnerability": "VCID-hppf-a715-r7b2"
                        },
                        {
                            "vulnerability": "VCID-j24x-nhsb-yug6"
                        },
                        {
                            "vulnerability": "VCID-kcj2-v7av-47cv"
                        },
                        {
                            "vulnerability": "VCID-knsd-pv15-tydx"
                        },
                        {
                            "vulnerability": "VCID-mep3-6sub-ykdk"
                        },
                        {
                            "vulnerability": "VCID-mnkw-23eu-bkgc"
                        },
                        {
                            "vulnerability": "VCID-msda-xqbp-qfdd"
                        },
                        {
                            "vulnerability": "VCID-n8cc-3stk-97b5"
                        },
                        {
                            "vulnerability": "VCID-nf8s-2aaa-17fw"
                        },
                        {
                            "vulnerability": "VCID-p5mc-r1rg-5ff7"
                        },
                        {
                            "vulnerability": "VCID-phxs-zet8-ryh3"
                        },
                        {
                            "vulnerability": "VCID-pmrb-t3bm-zkb6"
                        },
                        {
                            "vulnerability": "VCID-rps2-k24p-9qgq"
                        },
                        {
                            "vulnerability": "VCID-sfyc-jewr-wuf5"
                        },
                        {
                            "vulnerability": "VCID-sgdb-985e-4uej"
                        },
                        {
                            "vulnerability": "VCID-tt6r-bytq-4fa4"
                        },
                        {
                            "vulnerability": "VCID-v3r3-bwp5-a3bn"
                        },
                        {
                            "vulnerability": "VCID-vgm2-8wjy-x7ed"
                        },
                        {
                            "vulnerability": "VCID-wg3a-j2dp-ayh4"
                        },
                        {
                            "vulnerability": "VCID-y8gn-9fat-e7d1"
                        },
                        {
                            "vulnerability": "VCID-ynqu-cjn9-fqf2"
                        },
                        {
                            "vulnerability": "VCID-zkvd-bfd6-t7dg"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.0.beta"
                }
            ],
            "aliases": [
                "CVE-2011-3186",
                "GHSA-fcqf-h4h4-695m",
                "OSV-74616"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kr1b-uct1-7kf6"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "3.1",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@2.3.0.alpha0"
}

Package Instance