Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/351731?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/351731?format=api", "purl": "pkg:apk/alpine/perl-image-exiftool@12.24-r0?arch=loongarch64&distroversion=edge&reponame=community", "type": "apk", "namespace": "alpine", "name": "perl-image-exiftool", "version": "12.24-r0", "qualifiers": { "arch": "loongarch64", "distroversion": "edge", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "12.40-r0", "latest_non_vulnerable_version": "12.40-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76307?format=api", "vulnerability_id": "VCID-cfdy-pnx7-xkfx", "summary": "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92825", "scoring_system": "epss", "scoring_elements": "0.99772", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22204" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/09/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/09/1" }, { "reference_url": "https://hackerone.com/reports/1154542", "reference_id": "1154542", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "https://hackerone.com/reports/1154542" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/10/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/10/5" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987505", "reference_id": "987505", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987505" }, { "reference_url": "https://security.archlinux.org/AVG-1869", "reference_id": "AVG-1869", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1869" }, { "reference_url": "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800", "reference_id": "cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/50911.py", "reference_id": "CVE-2021-22204", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/50911.py" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json", "reference_id": "CVE-2021-22204.json", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/", "reference_id": "DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4910", "reference_id": "dsa-4910", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4910" }, { "reference_url": "http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html", "reference_id": "ExifTool-12.23-Arbitrary-Code-Execution.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html", "reference_id": "ExifTool-DjVu-ANT-Perl-Injection.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/", "reference_id": "F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/" }, { "reference_url": "http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html", "reference_id": "GitLab-13.10.2-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html", "reference_id": "GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html" }, { "reference_url": "https://security.gentoo.org/glsa/202407-27", "reference_id": "GLSA-202407-27", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-27" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html", "reference_id": "msg00018.html", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/", "reference_id": "U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T19:49:52Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/" }, { "reference_url": "https://usn.ubuntu.com/4987-1/", "reference_id": "USN-4987-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4987-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-4987-2/", "reference_id": "USN-USN-4987-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4987-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/351731?format=api", "purl": "pkg:apk/alpine/perl-image-exiftool@12.24-r0?arch=loongarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/perl-image-exiftool@12.24-r0%3Farch=loongarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2021-22204" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfdy-pnx7-xkfx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/perl-image-exiftool@12.24-r0%3Farch=loongarch64&distroversion=edge&reponame=community" }