Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/248629?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/248629?format=api", "purl": "pkg:deb/debian/e2fsprogs@1.39%2B1.40-WIP-2006.11.14%2Bdfsg-2", "type": "deb", "namespace": "debian", "name": "e2fsprogs", "version": "1.39+1.40-WIP-2006.11.14+dfsg-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.42.5-1.1+deb7u1", "latest_non_vulnerable_version": "1.42.5-1.1+deb7u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66410?format=api", "vulnerability_id": "VCID-eswx-swxn-2bgc", "summary": "Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1572.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1572.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35953", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193945", "reference_id": "1193945", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193945" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778948", "reference_id": "778948", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778948" }, { "reference_url": "https://security.gentoo.org/glsa/201507-22", "reference_id": "GLSA-201507-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201507-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/248635?format=api", "purl": "pkg:deb/debian/e2fsprogs@1.42.5-1.1%2Bdeb7u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/e2fsprogs@1.42.5-1.1%252Bdeb7u1" } ], "aliases": [ "CVE-2015-1572" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eswx-swxn-2bgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66409?format=api", "vulnerability_id": "VCID-xqqb-ht8y-zbb6", "summary": "Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0247.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.004", "scoring_system": "epss", "scoring_elements": "0.61009", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187032", "reference_id": "1187032", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187032" }, { "reference_url": "https://security.gentoo.org/glsa/201701-06", "reference_id": "GLSA-201701-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/248635?format=api", "purl": "pkg:deb/debian/e2fsprogs@1.42.5-1.1%2Bdeb7u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/e2fsprogs@1.42.5-1.1%252Bdeb7u1" } ], "aliases": [ "CVE-2015-0247" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqqb-ht8y-zbb6" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/e2fsprogs@1.39%252B1.40-WIP-2006.11.14%252Bdfsg-2" }