Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/296458?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/296458?format=api", "purl": "pkg:apk/alpine/libass@0.13.4-r0?arch=x86&distroversion=v3.24&reponame=community", "type": "apk", "namespace": "alpine", "name": "libass", "version": "0.13.4-r0", "qualifiers": { "arch": "x86", "distroversion": "v3.24", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1921?format=api", "vulnerability_id": "VCID-h4y4-e376-bffe", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01299", "scoring_system": "epss", "scoring_elements": "0.80135", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01299", "scoring_system": "epss", "scoring_elements": "0.80198", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01299", "scoring_system": "epss", "scoring_elements": "0.80213", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01299", "scoring_system": "epss", "scoring_elements": "0.80205", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7970" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/201702-25", "reference_id": "GLSA-201702-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-25" }, { "reference_url": "https://usn.ubuntu.com/USN-4797-1/", "reference_id": "USN-USN-4797-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4797-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/296458?format=api", "purl": "pkg:apk/alpine/libass@0.13.4-r0?arch=x86&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libass@0.13.4-r0%3Farch=x86&distroversion=v3.24&reponame=community" } ], "aliases": [ "CVE-2016-7970" ], "risk_score": 0.7, "exploitability": "0.5", "weighted_severity": "1.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4y4-e376-bffe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1923?format=api", "vulnerability_id": "VCID-r5sy-xqjg-x7a9", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01456", "scoring_system": "epss", "scoring_elements": "0.81305", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01456", "scoring_system": "epss", "scoring_elements": "0.81313", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02449", "scoring_system": "epss", "scoring_elements": "0.85526", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7972" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/201702-25", "reference_id": "GLSA-201702-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-25" }, { "reference_url": "https://usn.ubuntu.com/USN-4797-1/", "reference_id": "USN-USN-4797-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4797-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/296458?format=api", "purl": "pkg:apk/alpine/libass@0.13.4-r0?arch=x86&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libass@0.13.4-r0%3Farch=x86&distroversion=v3.24&reponame=community" } ], "aliases": [ "CVE-2016-7972" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r5sy-xqjg-x7a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1920?format=api", "vulnerability_id": "VCID-wq8t-my5u-qfa5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01949", "scoring_system": "epss", "scoring_elements": "0.83902", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01949", "scoring_system": "epss", "scoring_elements": "0.8391", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01949", "scoring_system": "epss", "scoring_elements": "0.83906", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.03981", "scoring_system": "epss", "scoring_elements": "0.88666", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7969" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/201702-25", "reference_id": "GLSA-201702-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201702-25" }, { "reference_url": "https://usn.ubuntu.com/USN-4797-1/", "reference_id": "USN-USN-4797-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4797-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/296458?format=api", "purl": "pkg:apk/alpine/libass@0.13.4-r0?arch=x86&distroversion=v3.24&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libass@0.13.4-r0%3Farch=x86&distroversion=v3.24&reponame=community" } ], "aliases": [ "CVE-2016-7969" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wq8t-my5u-qfa5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libass@0.13.4-r0%3Farch=x86&distroversion=v3.24&reponame=community" }