VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/381663?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/381663?format=api",
    "purl": "pkg:maven/com.vaadin/vaadin@24.0.6",
    "type": "maven",
    "namespace": "com.vaadin",
    "name": "vaadin",
    "version": "24.0.6",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "24.8.14",
    "latest_non_vulnerable_version": "25.0.2",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360529?format=api",
            "vulnerability_id": "VCID-ehwa-equd-5kbt",
            "summary": "Vaadin Platform possible file bypass via upload validation on the server-side\n### Description\nWhen the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the upgrade to a more recent Vaadin version.",
            "references": [
                {
                    "reference_url": "https://github.com/vaadin/flow-components/commit/bfe9e507cdcc5d90a2312c8f0162f798a29ba635",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/vaadin/flow-components/commit/bfe9e507cdcc5d90a2312c8f0162f798a29ba635"
                },
                {
                    "reference_url": "https://github.com/vaadin/flow-components/pull/7616",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/vaadin/flow-components/pull/7616"
                },
                {
                    "reference_url": "https://github.com/vaadin/platform",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/vaadin/platform"
                },
                {
                    "reference_url": "https://github.com/vaadin/platform/security/advisories/GHSA-c7v7-rqfm-f44j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/vaadin/platform/security/advisories/GHSA-c7v7-rqfm-f44j"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9467",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Green"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9467"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-c7v7-rqfm-f44j",
                    "reference_id": "GHSA-c7v7-rqfm-f44j",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-c7v7-rqfm-f44j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/376599?format=api",
                    "purl": "pkg:maven/com.vaadin/vaadin@24.7.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-sgsc-udzb-buc4"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.7.7"
                }
            ],
            "aliases": [
                "GHSA-c7v7-rqfm-f44j"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehwa-equd-5kbt"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95332?format=api",
            "vulnerability_id": "VCID-sgsc-udzb-buc4",
            "summary": "Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input.\n\nIn Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed versions sanitize captions by default and provide an API to explicitly enable HTML content mode for backwards compatibility.\n\nIn Vaadin 23 and newer, the Action class is only used by the Spreadsheet component. The fixed versions sanitize HTML using Jsoup with a relaxed safelist.\n\nVaadin 14 is not affected as Spreadsheet component was not supported.\n\nUsers of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:\n\nProduct version\nVaadin 7.0.0 - 7.7.49\nVaadin 8.0.0 - 8.29.1\nVaadin 23.1.0 - 23.6.5\nVaadin 24.0.0 - 24.8.13\nVaadin 24.9.0 - 24.9.6\n\nMitigation\nUpgrade to 7.7.50\nUpgrade to 8.30.0\nUpgrade to 23.6.6\nUpgrade to 24.8.14 or 24.9.7\nUpgrade to 25.0.0 or newer\n\nArtifacts     Maven coordinatesVulnerable versionsFixed versioncom.vaadin:vaadin-server\n7.0.0 - 7.7.49\n≥7.7.50\ncom.vaadin:vaadin-server\n8.0.0 - 8.29.1\n≥8.30.0\ncom.vaadin:vaadin\n23.1.0 - 23.6.5\n≥23.6.6\ncom.vaadin:vaadin24.0.0 - 24.8.13\n≥24.8.14\ncom.vaadin:vaadin24.9.0 - 24.9.6\n≥24.9.7\ncom.vaadin:vaadin-spreadsheet-flow\n23.1.0 - 23.6.5\n≥23.6.6\ncom.vaadin:vaadin-spreadsheet-flow\n24.0.0 - 24.8.13\n≥24.8.14\ncom.vaadin:vaadin-spreadsheet-flow\n24.9.0 - 24.9.6\n≥24.9.7",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15022",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02546",
                            "published_at": "2026-06-13T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02556",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00014",
                            "scoring_system": "epss",
                            "scoring_elements": "0.02552",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15022"
                },
                {
                    "reference_url": "https://github.com/vaadin/flow-components",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/vaadin/flow-components"
                },
                {
                    "reference_url": "https://github.com/vaadin/flow-components/commit/71046aa3dd08be0907bd03140c33131b94f6e99c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/vaadin/flow-components/commit/71046aa3dd08be0907bd03140c33131b94f6e99c"
                },
                {
                    "reference_url": "https://github.com/vaadin/flow-components/pull/8285",
                    "reference_id": "8285",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Amber"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-05T21:11:20Z/"
                        }
                    ],
                    "url": "https://github.com/vaadin/flow-components/pull/8285"
                },
                {
                    "reference_url": "https://vaadin.com/security/cve-2025-15022",
                    "reference_id": "cve-2025-15022",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Amber"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-05T21:11:20Z/"
                        }
                    ],
                    "url": "https://vaadin.com/security/cve-2025-15022"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15022",
                    "reference_id": "CVE-2025-15022",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "4.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15022"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-7wwv-79xw-rvvg",
                    "reference_id": "GHSA-7wwv-79xw-rvvg",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-7wwv-79xw-rvvg"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/36485?format=api",
                    "purl": "pkg:maven/com.vaadin/vaadin@24.8.14",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.8.14"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/36488?format=api",
                    "purl": "pkg:maven/com.vaadin/vaadin@24.9.7",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.9.7"
                }
            ],
            "aliases": [
                "CVE-2025-15022",
                "GHSA-7wwv-79xw-rvvg"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgsc-udzb-buc4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/128942?format=api",
            "vulnerability_id": "VCID-ujm5-9yas-ffag",
            "summary": "Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25500",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00305",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54189",
                            "published_at": "2026-06-11T12:55:00Z"
                        },
                        {
                            "value": "0.00305",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54333",
                            "published_at": "2026-06-13T12:55:00Z"
                        },
                        {
                            "value": "0.00305",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54315",
                            "published_at": "2026-06-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25500"
                },
                {
                    "reference_url": "https://github.com/vaadin/platform",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/vaadin/platform"
                },
                {
                    "reference_url": "https://github.com/vaadin/platform/security/advisories/GHSA-ch48-9r3q-pv7x",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/vaadin/platform/security/advisories/GHSA-ch48-9r3q-pv7x"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25500",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25500"
                },
                {
                    "reference_url": "https://github.com/vaadin/flow/pull/16935",
                    "reference_id": "16935",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T19:59:24Z/"
                        }
                    ],
                    "url": "https://github.com/vaadin/flow/pull/16935"
                },
                {
                    "reference_url": "https://vaadin.com/security/cve-2023-25500",
                    "reference_id": "cve-2023-25500",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "3.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T19:59:24Z/"
                        }
                    ],
                    "url": "https://vaadin.com/security/cve-2023-25500"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-ch48-9r3q-pv7x",
                    "reference_id": "GHSA-ch48-9r3q-pv7x",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "LOW",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-ch48-9r3q-pv7x"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/381740?format=api",
                    "purl": "pkg:maven/com.vaadin/vaadin@24.0.7",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ehwa-equd-5kbt"
                        },
                        {
                            "vulnerability": "VCID-sgsc-udzb-buc4"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.0.7"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/381664?format=api",
                    "purl": "pkg:maven/com.vaadin/vaadin@24.1.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ehwa-equd-5kbt"
                        },
                        {
                            "vulnerability": "VCID-sgsc-udzb-buc4"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.1.0"
                }
            ],
            "aliases": [
                "CVE-2023-25500",
                "GHSA-ch48-9r3q-pv7x"
            ],
            "risk_score": 1.6,
            "exploitability": "0.5",
            "weighted_severity": "3.1",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ujm5-9yas-ffag"
        }
    ],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129134?format=api",
            "vulnerability_id": "VCID-bwkv-w3az-kyc1",
            "summary": "When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25499",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00243",
                            "scoring_system": "epss",
                            "scoring_elements": "0.47985",
                            "published_at": "2026-06-12T12:55:00Z"
                        },
                        {
                            "value": "0.00243",
                            "scoring_system": "epss",
                            "scoring_elements": "0.48001",
                            "published_at": "2026-06-13T12:55:00Z"
                        },
                        {
                            "value": "0.00243",
                            "scoring_system": "epss",
                            "scoring_elements": "0.47844",
                            "published_at": "2026-06-11T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25499"
                },
                {
                    "reference_url": "https://github.com/vaadin/platform",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/vaadin/platform"
                },
                {
                    "reference_url": "https://github.com/vaadin/platform/security/advisories/GHSA-5f9v-mv5g-jh5q",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/vaadin/platform/security/advisories/GHSA-5f9v-mv5g-jh5q"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25499",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25499"
                },
                {
                    "reference_url": "https://github.com/vaadin/flow/pull/15885",
                    "reference_id": "15885",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T19:58:40Z/"
                        }
                    ],
                    "url": "https://github.com/vaadin/flow/pull/15885"
                },
                {
                    "reference_url": "https://vaadin.com/security/CVE-2023-25499",
                    "reference_id": "CVE-2023-25499",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.7",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-05T19:58:40Z/"
                        }
                    ],
                    "url": "https://vaadin.com/security/CVE-2023-25499"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5f9v-mv5g-jh5q",
                    "reference_id": "GHSA-5f9v-mv5g-jh5q",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5f9v-mv5g-jh5q"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/381660?format=api",
                    "purl": "pkg:maven/com.vaadin/vaadin@10.0.23",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ujm5-9yas-ffag"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@10.0.23"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/381661?format=api",
                    "purl": "pkg:maven/com.vaadin/vaadin@14.10.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ehwa-equd-5kbt"
                        },
                        {
                            "vulnerability": "VCID-ujm5-9yas-ffag"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@14.10.1"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/381662?format=api",
                    "purl": "pkg:maven/com.vaadin/vaadin@23.3.13",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ehwa-equd-5kbt"
                        },
                        {
                            "vulnerability": "VCID-sgsc-udzb-buc4"
                        },
                        {
                            "vulnerability": "VCID-ujm5-9yas-ffag"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@23.3.13"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/381663?format=api",
                    "purl": "pkg:maven/com.vaadin/vaadin@24.0.6",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ehwa-equd-5kbt"
                        },
                        {
                            "vulnerability": "VCID-sgsc-udzb-buc4"
                        },
                        {
                            "vulnerability": "VCID-ujm5-9yas-ffag"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.0.6"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/381664?format=api",
                    "purl": "pkg:maven/com.vaadin/vaadin@24.1.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ehwa-equd-5kbt"
                        },
                        {
                            "vulnerability": "VCID-sgsc-udzb-buc4"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.1.0"
                }
            ],
            "aliases": [
                "CVE-2023-25499",
                "GHSA-5f9v-mv5g-jh5q"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bwkv-w3az-kyc1"
        }
    ],
    "risk_score": "3.1",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.vaadin/vaadin@24.0.6"
}

Package Instance