Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/35344?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/35344?format=api", "purl": "pkg:pypi/keylime@7.4.0", "type": "pypi", "namespace": "", "name": "keylime", "version": "7.4.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.12.0", "latest_non_vulnerable_version": "7.12.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36530?format=api", "vulnerability_id": "VCID-brn1-4b8e-kqhf", "summary": "A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.", "references": [ { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-38201", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-38201" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222693", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222693" }, { "reference_url": "https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a" }, { "reference_url": "https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35345?format=api", "purl": "pkg:pypi/keylime@7.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mqxg-478p-23cn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@7.5.0" } ], "aliases": [ "CVE-2023-38201", "GHSA-f4r5-q63f-gcww", "PYSEC-2023-160" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brn1-4b8e-kqhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37203?format=api", "vulnerability_id": "VCID-mqxg-478p-23cn", "summary": "A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security (TLS) authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing agents, retrieving public Trusted Platform Module (TPM) data, and deleting agents, by connecting without presenting a client certificate.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2224", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2026:2224" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2225", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2026:2225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2298", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2026:2298" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-1709", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-1709" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435514", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435514" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47235?format=api", "purl": "pkg:pypi/keylime@7.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@7.12.0" } ], "aliases": [ "CVE-2026-1709", "PYSEC-2026-74" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqxg-478p-23cn" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/keylime@7.4.0" }