Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main

Type apk

Namespace alpine

Name unzip

Version 6.0-r3

Qualifiers

arch	x86
distroversion	v3.22
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 6.0-r7

Latest_non_vulnerable_version 6.0-r11

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-eh5k-xz8h-1ufr

vulnerability_id VCID-eh5k-xz8h-1ufr

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9844.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9844.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9844

reference_id

reference_type

scores

value	0.09788
scoring_system	epss
scoring_elements	0.93112
published_at	2026-06-06T12:55:00Z

value	0.09788
scoring_system	epss
scoring_elements	0.93103
published_at	2026-06-04T12:55:00Z

value	0.09788
scoring_system	epss
scoring_elements	0.93109
published_at	2026-06-07T12:55:00Z

value	0.09788
scoring_system	epss
scoring_elements	0.93113
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9844

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9844

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1401864
reference_id	1401864
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1401864

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847486
reference_id	847486
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847486

reference_url

https://security.archlinux.org/AVG-611

reference_id

AVG-611

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-611

reference_url	https://usn.ubuntu.com/4672-1/
reference_id	USN-4672-1
reference_type
scores
url	https://usn.ubuntu.com/4672-1/

fixed_packages

url	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/unzip@6.0-r3%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2016-9844

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eh5k-xz8h-1ufr

url VCID-k658-w9mb-tyfq

vulnerability_id VCID-k658-w9mb-tyfq

summary unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9636.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9636.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9636

reference_id

reference_type

scores

value	0.58381
scoring_system	epss
scoring_elements	0.98232
published_at	2026-06-04T12:55:00Z

value	0.58381
scoring_system	epss
scoring_elements	0.98234
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1184985
reference_id	1184985
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1184985

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776589
reference_id	776589
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776589

reference_url	https://security.gentoo.org/glsa/201611-01
reference_id	GLSA-201611-01
reference_type
scores
url	https://security.gentoo.org/glsa/201611-01

reference_url	https://access.redhat.com/errata/RHSA-2015:0700
reference_id	RHSA-2015:0700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0700

reference_url	https://usn.ubuntu.com/2489-1/
reference_id	USN-2489-1
reference_type
scores
url	https://usn.ubuntu.com/2489-1/

fixed_packages

url	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/unzip@6.0-r3%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2014-9636

risk_score 0.2

exploitability 0.5

weighted_severity 0.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k658-w9mb-tyfq

url VCID-kst5-hvc6-6ugy

vulnerability_id VCID-kst5-hvc6-6ugy

summary Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8140.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8140.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-8140

reference_id

reference_type

scores

value	0.09808
scoring_system	epss
scoring_elements	0.93109
published_at	2026-06-04T12:55:00Z

value	0.09808
scoring_system	epss
scoring_elements	0.93121
published_at	2026-06-05T12:55:00Z

value	0.09808
scoring_system	epss
scoring_elements	0.93119
published_at	2026-06-06T12:55:00Z

value	0.09808
scoring_system	epss
scoring_elements	0.93116
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-8140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1174851
reference_id	1174851
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1174851

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773722
reference_id	773722
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773722

reference_url	https://security.gentoo.org/glsa/201611-01
reference_id	GLSA-201611-01
reference_type
scores
url	https://security.gentoo.org/glsa/201611-01

reference_url	https://access.redhat.com/errata/RHSA-2015:0700
reference_id	RHSA-2015:0700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0700

reference_url	https://usn.ubuntu.com/2472-1/
reference_id	USN-2472-1
reference_type
scores
url	https://usn.ubuntu.com/2472-1/

fixed_packages

url	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/unzip@6.0-r3%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2014-8140

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kst5-hvc6-6ugy

url VCID-myfq-v13h-yue6

vulnerability_id VCID-myfq-v13h-yue6

summary Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8139.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8139.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-8139

reference_id

reference_type

scores

value	0.09808
scoring_system	epss
scoring_elements	0.93109
published_at	2026-06-04T12:55:00Z

value	0.09808
scoring_system	epss
scoring_elements	0.93121
published_at	2026-06-05T12:55:00Z

value	0.09808
scoring_system	epss
scoring_elements	0.93119
published_at	2026-06-06T12:55:00Z

value	0.09808
scoring_system	epss
scoring_elements	0.93116
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-8139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1174844
reference_id	1174844
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1174844

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773722
reference_id	773722
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773722

reference_url	https://security.gentoo.org/glsa/201611-01
reference_id	GLSA-201611-01
reference_type
scores
url	https://security.gentoo.org/glsa/201611-01

reference_url	https://access.redhat.com/errata/RHSA-2015:0700
reference_id	RHSA-2015:0700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0700

reference_url	https://usn.ubuntu.com/2472-1/
reference_id	USN-2472-1
reference_type
scores
url	https://usn.ubuntu.com/2472-1/

fixed_packages

url	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/unzip@6.0-r3%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2014-8139

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myfq-v13h-yue6

url VCID-uf4b-432j-p3hu

vulnerability_id VCID-uf4b-432j-p3hu

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000035.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000035.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000035

reference_id

reference_type

scores

value	0.63564
scoring_system	epss
scoring_elements	0.98439
published_at	2026-06-06T12:55:00Z

value	0.63564
scoring_system	epss
scoring_elements	0.98434
published_at	2026-06-04T12:55:00Z

value	0.63564
scoring_system	epss
scoring_elements	0.98438
published_at	2026-06-07T12:55:00Z

value	0.63564
scoring_system	epss
scoring_elements	0.98437
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000035

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1537043
reference_id	1537043
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1537043

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889838
reference_id	889838
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889838

reference_url

https://security.archlinux.org/AVG-611

reference_id

AVG-611

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-611

reference_url	https://security.gentoo.org/glsa/202003-58
reference_id	GLSA-202003-58
reference_type
scores
url	https://security.gentoo.org/glsa/202003-58

reference_url	https://usn.ubuntu.com/4672-1/
reference_id	USN-4672-1
reference_type
scores
url	https://usn.ubuntu.com/4672-1/

fixed_packages

url	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/unzip@6.0-r3%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2018-1000035

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uf4b-432j-p3hu

url VCID-wz9z-wubj-ffg6

vulnerability_id VCID-wz9z-wubj-ffg6

summary Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8141.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8141.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-8141

reference_id

reference_type

scores

value	0.09808
scoring_system	epss
scoring_elements	0.93109
published_at	2026-06-04T12:55:00Z

value	0.09808
scoring_system	epss
scoring_elements	0.93121
published_at	2026-06-05T12:55:00Z

value	0.09808
scoring_system	epss
scoring_elements	0.93119
published_at	2026-06-06T12:55:00Z

value	0.09808
scoring_system	epss
scoring_elements	0.93116
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-8141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1174856
reference_id	1174856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1174856

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773722
reference_id	773722
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773722

reference_url	https://security.gentoo.org/glsa/201611-01
reference_id	GLSA-201611-01
reference_type
scores
url	https://security.gentoo.org/glsa/201611-01

reference_url	https://access.redhat.com/errata/RHSA-2015:0700
reference_id	RHSA-2015:0700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0700

reference_url	https://usn.ubuntu.com/2472-1/
reference_id	USN-2472-1
reference_type
scores
url	https://usn.ubuntu.com/2472-1/

fixed_packages

url	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/unzip@6.0-r3%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2014-8141

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz9z-wubj-ffg6

url VCID-zzw3-avu4-wqa8

vulnerability_id VCID-zzw3-avu4-wqa8

summary multiple issues

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9913.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9913.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9913

reference_id

reference_type

scores

value	0.0459
scoring_system	epss
scoring_elements	0.89418
published_at	2026-06-04T12:55:00Z

value	0.0459
scoring_system	epss
scoring_elements	0.89436
published_at	2026-06-06T12:55:00Z

value	0.0459
scoring_system	epss
scoring_elements	0.89435
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9913

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9913

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1401865
reference_id	1401865
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1401865

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847485
reference_id	847485
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847485

reference_url

https://security.archlinux.org/AVG-611

reference_id

AVG-611

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-611

reference_url	https://usn.ubuntu.com/4672-1/
reference_id	USN-4672-1
reference_type
scores
url	https://usn.ubuntu.com/4672-1/

fixed_packages

url	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/unzip@6.0-r3?arch=x86&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/unzip@6.0-r3%3Farch=x86&distroversion=v3.22&reponame=main

aliases CVE-2014-9913

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zzw3-avu4-wqa8

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/unzip@6.0-r3%3Farch=x86&distroversion=v3.22&reponame=main

Package Instance