Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/372847?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/372847?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.17-1", "type": "alpm", "namespace": "archlinux", "name": "cacti", "version": "1.1.17-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.1.28-1", "latest_non_vulnerable_version": "1.2.16-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93157?format=api", "vulnerability_id": "VCID-q88b-smmh-77ga", "summary": "Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80764", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80793", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.8079", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80817", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01457", "scoring_system": "epss", "scoring_elements": "0.80826", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02642", "scoring_system": "epss", "scoring_elements": "0.85738", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02642", "scoring_system": "epss", "scoring_elements": "0.85716", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02642", "scoring_system": "epss", "scoring_elements": "0.8572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02642", "scoring_system": "epss", "scoring_elements": "0.85723", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1066" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16660", "reference_id": "CVE-2017-16660", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" }, { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16660" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16660" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q88b-smmh-77ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93156?format=api", "vulnerability_id": "VCID-qbvv-frc2-rqbk", "summary": "lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64351", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.6438", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64387", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00465", "scoring_system": "epss", "scoring_elements": "0.64402", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0126", "scoring_system": "epss", "scoring_elements": "0.79435", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0126", "scoring_system": "epss", "scoring_elements": "0.79404", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0126", "scoring_system": "epss", "scoring_elements": "0.79415", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0126", "scoring_system": "epss", "scoring_elements": "0.79432", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1057" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110", "reference_id": "881110", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16641", "reference_id": "CVE-2017-16641", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:C/I:C/A:C" }, { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16641" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16641" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbvv-frc2-rqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93158?format=api", "vulnerability_id": "VCID-x1fg-6mq4-d7ds", "summary": "Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29761", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29729", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29806", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39812", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39827", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39814", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39837", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39665", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1066" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16661", "reference_id": "CVE-2017-16661", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16661" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16661" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1fg-6mq4-d7ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93159?format=api", "vulnerability_id": "VCID-yjny-ubdp-7few", "summary": "Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40008", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40038", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39988", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40045", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4158", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41589", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.4153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41574", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41603", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41485", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785" }, { "reference_url": "https://github.com/Cacti/cacti/issues/1071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Cacti/cacti/issues/1071" }, { "reference_url": "http://www.securitytracker.com/id/1039774", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039774" }, { "reference_url": "https://security.archlinux.org/ASA-201712-2", "reference_id": "ASA-201712-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-2" }, { "reference_url": "https://security.archlinux.org/AVG-537", "reference_id": "AVG-537", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-537" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16785", "reference_id": "CVE-2017-16785", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16785" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372848?format=api", "purl": "pkg:alpm/archlinux/cacti@1.1.28-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1" } ], "aliases": [ "CVE-2017-16785" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjny-ubdp-7few" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.17-1" }