Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/prosody@0.11.12-r0?arch=x86&distroversion=v3.16&reponame=community

Type apk

Namespace alpine

Name prosody

Version 0.11.12-r0

Qualifiers

arch	x86
distroversion	v3.16
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6jkq-68jn-vbf6

vulnerability_id VCID-6jkq-68jn-vbf6

summary It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-0217

reference_id

reference_type

scores

value	0.00411
scoring_system	epss
scoring_elements	0.61744
published_at	2026-06-04T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61793
published_at	2026-06-05T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61801
published_at	2026-06-06T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.6179
published_at	2026-06-07T12:55:00Z

value	0.00411
scoring_system	epss
scoring_elements	0.61775
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-0217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0217

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003696
reference_id	1003696
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003696

fixed_packages

url	pkg:apk/alpine/prosody@0.11.12-r0?arch=x86&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/prosody@0.11.12-r0?arch=x86&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prosody@0.11.12-r0%3Farch=x86&distroversion=v3.16&reponame=community

aliases CVE-2022-0217

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jkq-68jn-vbf6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/prosody@0.11.12-r0%3Farch=x86&distroversion=v3.16&reponame=community

Package Instance