Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/398639?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/398639?format=api", "purl": "pkg:apk/alpine/cacti@1.2.26-r0?arch=armhf&distroversion=v3.22&reponame=community", "type": "apk", "namespace": "alpine", "name": "cacti", "version": "1.2.26-r0", "qualifiers": { "arch": "armhf", "distroversion": "v3.22", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.2.27-r0", "latest_non_vulnerable_version": "1.2.29-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266467?format=api", "vulnerability_id": "VCID-8max-2avj-hkdt", "summary": "Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.32076", "scoring_system": "epss", "scoring_elements": "0.96804", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.32076", "scoring_system": "epss", "scoring_elements": "0.96806", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.32076", "scoring_system": "epss", "scoring_elements": "0.96809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.32076", "scoring_system": "epss", "scoring_elements": "0.96817", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.32076", "scoring_system": "epss", "scoring_elements": "0.96818", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.32076", "scoring_system": "epss", "scoring_elements": "0.9682", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.32076", "scoring_system": "epss", "scoring_elements": "0.96821", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.32076", "scoring_system": "epss", "scoring_elements": "0.96822", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51448" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398639?format=api", "purl": "pkg:apk/alpine/cacti@1.2.26-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-51448" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8max-2avj-hkdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95821?format=api", "vulnerability_id": "VCID-ay5a-nkmf-5yar", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76305", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76335", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76347", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76361", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76387", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.76365", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00949", "scoring_system": "epss", "scoring_elements": "0.7636", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254", "reference_id": "1059254", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398639?format=api", "purl": "pkg:apk/alpine/cacti@1.2.26-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-49086" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ay5a-nkmf-5yar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95819?format=api", "vulnerability_id": "VCID-d7db-n89n-qyd8", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99488", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.9949", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99492", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99493", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99494", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.88341", "scoring_system": "epss", "scoring_elements": "0.99495", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254", "reference_id": "1059254", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398639?format=api", "purl": "pkg:apk/alpine/cacti@1.2.26-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-49084" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7db-n89n-qyd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95820?format=api", "vulnerability_id": "VCID-h3qa-svy4-1fcr", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99656", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99658", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99659", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.9966", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99661", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.91404", "scoring_system": "epss", "scoring_elements": "0.99662", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398639?format=api", "purl": "pkg:apk/alpine/cacti@1.2.26-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-49085" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h3qa-svy4-1fcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266453?format=api", "vulnerability_id": "VCID-mwbm-aphc-akgu", "summary": "Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02686", "scoring_system": "epss", "scoring_elements": "0.85793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02686", "scoring_system": "epss", "scoring_elements": "0.85811", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03596", "scoring_system": "epss", "scoring_elements": "0.87735", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03596", "scoring_system": "epss", "scoring_elements": "0.87756", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03596", "scoring_system": "epss", "scoring_elements": "0.87762", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03596", "scoring_system": "epss", "scoring_elements": "0.87773", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03596", "scoring_system": "epss", "scoring_elements": "0.87768", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03596", "scoring_system": "epss", "scoring_elements": "0.87766", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50250" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398639?format=api", "purl": "pkg:apk/alpine/cacti@1.2.26-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-50250" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbm-aphc-akgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95769?format=api", "vulnerability_id": "VCID-xkkm-ss3p-1udc", "summary": "SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43075", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43071", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43098", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.4309", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00207", "scoring_system": "epss", "scoring_elements": "0.43102", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46490" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46490" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286", "reference_id": "1059286", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059286" }, { "reference_url": "https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53", "reference_id": "a95632111138fcd7ccf7432ccb145b53", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/" } ], "url": "https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c", "reference_id": "GHSA-f4r3-53jr-654c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T14:48:55Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398639?format=api", "purl": "pkg:apk/alpine/cacti@1.2.26-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-46490" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xkkm-ss3p-1udc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266496?format=api", "vulnerability_id": "VCID-zkmp-kgyq-tfeh", "summary": "Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-50250. Reason: This record is a reservation duplicate of CVE-2023-50250. Notes: All CVE users should reference CVE-2023-50250 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/398639?format=api", "purl": "pkg:apk/alpine/cacti@1.2.26-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=armhf&distroversion=v3.22&reponame=community" } ], "aliases": [ "CVE-2023-50569" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkmp-kgyq-tfeh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.26-r0%3Farch=armhf&distroversion=v3.22&reponame=community" }