Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/256278?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/256278?format=api", "purl": "pkg:npm/apollo-server-express@2.12.0-alpha.0", "type": "npm", "namespace": "", "name": "apollo-server-express", "version": "2.12.0-alpha.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.14.2", "latest_non_vulnerable_version": "2.14.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52673?format=api", "vulnerability_id": "VCID-u2b9-99j7-rkbk", "summary": "Introspection in schema validation in Apollo Server\nIf `subscriptions: false` is passed to the `ApolloServer` constructor options, there is no impact. If implementors were not expecting validation rules to be enforced on the WebSocket subscriptions transport **and** are unconcerned about introspection being enabled on the WebSocket subscriptions transport (or were not expecting that), then this advisory is not applicable. If `introspection: true` is passed to the `ApolloServer` constructor options, the impact is limited to user-provided validation rules (i.e., using `validationRules`) since there would be no expectation that introspection was disabled.", "references": [ { "reference_url": "https://github.com/apollographql/apollo-server/commit/e2e816316f5c28a03de2ee1589edb2b10c358114", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apollographql/apollo-server/commit/e2e816316f5c28a03de2ee1589edb2b10c358114" }, { "reference_url": "https://www.npmjs.com/advisories/1525", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1525" }, { "reference_url": "https://www.npmjs.com/advisories/1526", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1526" }, { "reference_url": "https://www.npmjs.com/advisories/1527", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1527" }, { "reference_url": "https://www.npmjs.com/advisories/1528", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1528" }, { "reference_url": "https://www.npmjs.com/advisories/1529", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1529" }, { "reference_url": "https://www.npmjs.com/advisories/1530", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1530" }, { "reference_url": "https://www.npmjs.com/advisories/1531", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1531" }, { "reference_url": "https://www.npmjs.com/advisories/1532", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1532" }, { "reference_url": "https://www.npmjs.com/advisories/1533", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1533" }, { "reference_url": "https://www.npmjs.com/advisories/1534", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1534" }, { "reference_url": "https://www.npmjs.com/advisories/1535", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1535" }, { "reference_url": "https://www.npmjs.com/advisories/1536", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/advisories/1536" }, { "reference_url": "https://github.com/advisories/GHSA-w42g-7vfc-xf37", "reference_id": "GHSA-w42g-7vfc-xf37", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w42g-7vfc-xf37" }, { "reference_url": "https://github.com/apollographql/apollo-server/security/advisories/GHSA-w42g-7vfc-xf37", "reference_id": "GHSA-w42g-7vfc-xf37", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apollographql/apollo-server/security/advisories/GHSA-w42g-7vfc-xf37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77446?format=api", "purl": "pkg:npm/apollo-server-express@2.14.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/apollo-server-express@2.14.2" } ], "aliases": [ "GHSA-w42g-7vfc-xf37", "GMS-2020-59", "GMS-2020-60", "GMS-2020-61", "GMS-2020-62", "GMS-2020-63", "GMS-2020-64", "GMS-2020-65", "GMS-2020-66", "GMS-2020-67", "GMS-2020-68", "GMS-2020-69", "GMS-2020-70" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u2b9-99j7-rkbk" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/apollo-server-express@2.12.0-alpha.0" }