Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/201805?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/201805?format=api", "purl": "pkg:pypi/products.cmfplone@4.3a2", "type": "pypi", "namespace": "", "name": "products.cmfplone", "version": "4.3a2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.3.17", "latest_non_vulnerable_version": "5.1.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38094?format=api", "vulnerability_id": "VCID-gd5v-ueah-j7eh", "summary": "Privilege escalation in webdav\nA missing webdav security declaration would allow unauthorized webdav access.", "references": [ { "reference_url": "https://plone.org/products/plone/security/advisories/20160419-announcement", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/products/plone/security/advisories/20160419-announcement" }, { "reference_url": "https://plone.org/security/20160419/privilege-escalation-in-webdav", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20160419/privilege-escalation-in-webdav" } ], "fixed_packages": [], "aliases": [ "GMS-2016-28" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gd5v-ueah-j7eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35116?format=api", "vulnerability_id": "VCID-h4kd-eh8g-gude", "summary": "Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0051", "scoring_system": "epss", "scoring_elements": "0.66767", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7316" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1264788" }, { "reference_url": "https://github.com/plone/Plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Plone" }, { "reference_url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-53.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7316" }, { "reference_url": "https://plone.org/security/20150910/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20150910/" }, { "reference_url": "https://plone.org/security/20150910/non-persistent-xss-in-plone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20150910/non-persistent-xss-in-plone" }, { "reference_url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://plone.org/security/hotfix/20150910/non-persistent-xss-in-plone" }, { "reference_url": "https://pypi.org/project/Products.PloneHotfix20150910", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/Products.PloneHotfix20150910" }, { "reference_url": "https://pypi.python.org/pypi/Products.PloneHotfix20150910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.python.org/pypi/Products.PloneHotfix20150910" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/09/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/09/22/14" }, { "reference_url": "https://github.com/advisories/GHSA-vf8g-m3vq-6p4p", "reference_id": "GHSA-vf8g-m3vq-6p4p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vf8g-m3vq-6p4p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54171?format=api", "purl": "pkg:pypi/products.cmfplone@4.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gd5v-ueah-j7eh" }, { "vulnerability": "VCID-vyc7-kfh2-vbfy" }, { "vulnerability": "VCID-zg7t-g8m5-nbat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/54172?format=api", "purl": "pkg:pypi/products.cmfplone@5.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gd5v-ueah-j7eh" }, { "vulnerability": "VCID-mu56-js96-3fdr" }, { "vulnerability": "VCID-zg7t-g8m5-nbat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0rc2" } ], "aliases": [ "CVE-2015-7316", "GHSA-vf8g-m3vq-6p4p", "PYSEC-2017-53" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4kd-eh8g-gude" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37926?format=api", "vulnerability_id": "VCID-vyc7-kfh2-vbfy", "summary": "Multiple CSRF vulnerabilities in Management Interface\nThere are multiple CSRF (cross-site request forgery) vulnerabilities in the ZMI (Zope Management Interface).", "references": [ { "reference_url": "https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf", "reference_id": "CVE-2015-7293;OSVDB-128533;OSVDB-128532", "reference_type": "exploit", "scores": [], "url": "https://plone.org/products/plone/security/advisories/security-vulnerability-20151006-csrf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/201816?format=api", "purl": "pkg:pypi/products.cmfplone@5.0a1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gd5v-ueah-j7eh" }, { "vulnerability": "VCID-h4kd-eh8g-gude" }, { "vulnerability": "VCID-mu56-js96-3fdr" }, { "vulnerability": "VCID-wuas-tkd4-rkd4" }, { "vulnerability": "VCID-zg7t-g8m5-nbat" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@5.0a1" } ], "aliases": [ "GMS-2015-35" ], "risk_score": null, "exploitability": "1.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vyc7-kfh2-vbfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38093?format=api", "vulnerability_id": "VCID-zg7t-g8m5-nbat", "summary": "Unauthorized disclosure of site content\nA vulnerability that allows attackers to gain information about private site content.", "references": [ { "reference_url": "https://plone.org/products/plone/security/advisories/20160419-announcement", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/products/plone/security/advisories/20160419-announcement" }, { "reference_url": "https://plone.org/security/20160419/unauthorized-disclosure-of-site-content", "reference_id": "", "reference_type": "", "scores": [], "url": "https://plone.org/security/20160419/unauthorized-disclosure-of-site-content" } ], "fixed_packages": [], "aliases": [ "GMS-2016-27" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zg7t-g8m5-nbat" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/products.cmfplone@4.3a2" }