GET

Package Instance

Lookup for vulnerable packages by Package URL.

GET /api/packages/367554?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/367554?format=api",
    "purl": "pkg:apk/alpine/mbedtls@2.16.3-r0?arch=x86_64&distroversion=v3.22&reponame=main",
    "type": "apk",
    "namespace": "alpine",
    "name": "mbedtls",
    "version": "2.16.3-r0",
    "qualifiers": {
        "arch": "x86_64",
        "distroversion": "v3.22",
        "reponame": "main"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "2.16.4-r0",
    "latest_non_vulnerable_version": "3.6.6-r0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92744?format=api",
            "vulnerability_id": "VCID-qqut-7fh2-byee",
            "summary": "Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16910",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00671",
                            "scoring_system": "epss",
                            "scoring_elements": "0.71771",
                            "published_at": "2026-06-04T12:55:00Z"
                        },
                        {
                            "value": "0.00671",
                            "scoring_system": "epss",
                            "scoring_elements": "0.71811",
                            "published_at": "2026-06-05T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16910"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16910"
                },
                {
                    "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941265",
                    "reference_id": "941265",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941265"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/367554?format=api",
                    "purl": "pkg:apk/alpine/mbedtls@2.16.3-r0?arch=x86_64&distroversion=v3.22&reponame=main",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@2.16.3-r0%3Farch=x86_64&distroversion=v3.22&reponame=main"
                }
            ],
            "aliases": [
                "CVE-2019-16910"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqut-7fh2-byee"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/mbedtls@2.16.3-r0%3Farch=x86_64&distroversion=v3.22&reponame=main"
}