Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/306409?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/306409?format=api", "purl": "pkg:apk/alpine/libcroco@0.6.13-r1?arch=armv7&distroversion=v3.10&reponame=main", "type": "apk", "namespace": "alpine", "name": "libcroco", "version": "0.6.13-r1", "qualifiers": { "arch": "armv7", "distroversion": "v3.10", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111775?format=api", "vulnerability_id": "VCID-83qb-ev9v-fygd", "summary": "libcroco: Memory allocation failure in the cr_tknzr_parse_comment function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8834.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8834.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8834", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0108", "scoring_system": "epss", "scoring_elements": "0.78184", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0108", "scoring_system": "epss", "scoring_elements": "0.78195", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0108", "scoring_system": "epss", "scoring_elements": "0.78217", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0108", "scoring_system": "epss", "scoring_elements": "0.78207", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0108", "scoring_system": "epss", "scoring_elements": "0.7821", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8834" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463306", "reference_id": "1463306", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463306" }, { "reference_url": "https://usn.ubuntu.com/5389-1/", "reference_id": "USN-5389-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5389-1/" }, { "reference_url": "https://usn.ubuntu.com/6958-1/", "reference_id": "USN-6958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/306409?format=api", "purl": "pkg:apk/alpine/libcroco@0.6.13-r1?arch=armv7&distroversion=v3.10&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libcroco@0.6.13-r1%3Farch=armv7&distroversion=v3.10&reponame=main" } ], "aliases": [ "CVE-2017-8834" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-83qb-ev9v-fygd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111776?format=api", "vulnerability_id": "VCID-8dy9-dpjk-tka7", "summary": "libcroco: Infinite loop in the cr_parser_parse_selector_core function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8871.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8871.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8871", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0172", "scoring_system": "epss", "scoring_elements": "0.82742", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0172", "scoring_system": "epss", "scoring_elements": "0.82757", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0172", "scoring_system": "epss", "scoring_elements": "0.82766", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0172", "scoring_system": "epss", "scoring_elements": "0.82764", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0172", "scoring_system": "epss", "scoring_elements": "0.82767", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8871" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463307", "reference_id": "1463307", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463307" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42147.txt", "reference_id": "CVE-2017-8871", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42147.txt" }, { "reference_url": "https://usn.ubuntu.com/5389-1/", "reference_id": "USN-5389-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5389-1/" }, { "reference_url": "https://usn.ubuntu.com/6958-1/", "reference_id": "USN-6958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/306409?format=api", "purl": "pkg:apk/alpine/libcroco@0.6.13-r1?arch=armv7&distroversion=v3.10&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libcroco@0.6.13-r1%3Farch=armv7&distroversion=v3.10&reponame=main" } ], "aliases": [ "CVE-2017-8871" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dy9-dpjk-tka7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111944?format=api", "vulnerability_id": "VCID-9jyj-uwvr-wbf9", "summary": "libcroco: Undefined behavior issue in cr_tknzr_parse_rgb function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7961.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7961.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7961", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0087", "scoring_system": "epss", "scoring_elements": "0.75558", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0087", "scoring_system": "epss", "scoring_elements": "0.7555", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0087", "scoring_system": "epss", "scoring_elements": "0.75578", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0087", "scoring_system": "epss", "scoring_elements": "0.75581", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0087", "scoring_system": "epss", "scoring_elements": "0.75571", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7961" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:N" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450068", "reference_id": "1450068", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450068" }, { "reference_url": "http://openwall.com/lists/oss-security/2017/04/24/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-22T18:47:03Z/" } ], "url": "http://openwall.com/lists/oss-security/2017/04/24/2" }, { "reference_url": "https://security.gentoo.org/glsa/201707-13", "reference_id": "GLSA-201707-13", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-22T18:47:03Z/" } ], "url": "https://security.gentoo.org/glsa/201707-13" }, { "reference_url": "https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7", "reference_id": "?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-22T18:47:03Z/" } ], "url": "https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/", "reference_id": "libcroco-heap-overflow-and-undefined-behavior", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-22T18:47:03Z/" } ], "url": "https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html", "reference_id": "msg00043.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-22T18:47:03Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1034482", "reference_id": "show_bug.cgi?id=1034482", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-22T18:47:03Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1034482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/306409?format=api", "purl": "pkg:apk/alpine/libcroco@0.6.13-r1?arch=armv7&distroversion=v3.10&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libcroco@0.6.13-r1%3Farch=armv7&distroversion=v3.10&reponame=main" } ], "aliases": [ "CVE-2017-7961" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9jyj-uwvr-wbf9" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/libcroco@0.6.13-r1%3Farch=armv7&distroversion=v3.10&reponame=main" }