Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4107?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4107?format=api", "purl": "pkg:deb/debian/nspr@4.8.6-1%2Bsqueeze3", "type": "deb", "namespace": "debian", "name": "nspr", "version": "4.8.6-1+squeeze3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:4.12-1+debu8u1", "latest_non_vulnerable_version": "2:4.12-1+debu8u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2771?format=api", "vulnerability_id": "VCID-2j41-vcxe-w3af", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team reported an out of bounds write in the \nNetscape \nPortable Runtime (NSPR) leading to a potentially exploitable crash or code\nexecution. This issue is fixed in NSPR version 4.10.6.\nThis NSPR flaw was not exposed to web content in any shipped version of Firefox.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1545.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1545.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02889", "scoring_system": "epss", "scoring_elements": "0.8658", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1545" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107432", "reference_id": "1107432", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545", "reference_id": "CVE-2014-1545", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-55", "reference_id": "mfsa2014-55", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-55" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0917", "reference_id": "RHSA-2014:0917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1246", "reference_id": "RHSA-2014:1246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4108?format=api", "purl": "pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j41-vcxe-w3af" }, { "vulnerability": "VCID-2sem-6a6r-suem" }, { "vulnerability": "VCID-qqrz-4j53-d3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.9.2-1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4577?format=api", "purl": "pkg:deb/debian/nspr@2:4.10.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sem-6a6r-suem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.10.7-1" } ], "aliases": [ "CVE-2014-1545" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2j41-vcxe-w3af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2911?format=api", "vulnerability_id": "VCID-2sem-6a6r-suem", "summary": "Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04702", "scoring_system": "epss", "scoring_elements": "0.89546", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269353", "reference_id": "1269353", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183", "reference_id": "CVE-2015-7183", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183" }, { "reference_url": "https://security.gentoo.org/glsa/201512-10", "reference_id": "GLSA-201512-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201512-10" }, { "reference_url": "https://security.gentoo.org/glsa/201605-06", "reference_id": "GLSA-201605-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201605-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-133", "reference_id": "mfsa2015-133", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1980", "reference_id": "RHSA-2015:1980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1981", "reference_id": "RHSA-2015:1981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2068", "reference_id": "RHSA-2015:2068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2068" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4108?format=api", "purl": "pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j41-vcxe-w3af" }, { "vulnerability": "VCID-2sem-6a6r-suem" }, { "vulnerability": "VCID-qqrz-4j53-d3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.9.2-1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4578?format=api", "purl": "pkg:deb/debian/nspr@2:4.12-1%2Bdebu8u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.12-1%252Bdebu8u1" } ], "aliases": [ "CVE-2015-7183" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2sem-6a6r-suem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1984?format=api", "vulnerability_id": "VCID-qqrz-4j53-d3b8", "summary": "Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5607.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5607.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02207", "scoring_system": "epss", "scoring_elements": "0.84756", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5607" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1031461", "reference_id": "1031461", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1031461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607", "reference_id": "CVE-2013-5607", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607" }, { "reference_url": "https://security.gentoo.org/glsa/201406-19", "reference_id": "GLSA-201406-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-19" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-103", "reference_id": "mfsa2013-103", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1791", "reference_id": "RHSA-2013:1791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1829", "reference_id": "RHSA-2013:1829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1829" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4108?format=api", "purl": "pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j41-vcxe-w3af" }, { "vulnerability": "VCID-2sem-6a6r-suem" }, { "vulnerability": "VCID-qqrz-4j53-d3b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.9.2-1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4577?format=api", "purl": "pkg:deb/debian/nspr@2:4.10.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2sem-6a6r-suem" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.10.7-1" } ], "aliases": [ "CVE-2013-5607" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqrz-4j53-d3b8" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@4.8.6-1%252Bsqueeze3" }