Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/415279?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/415279?format=api", "purl": "pkg:apk/alpine/python2@2.7.16-r3?arch=aarch64&distroversion=v3.12&reponame=main", "type": "apk", "namespace": "alpine", "name": "python2", "version": "2.7.16-r3", "qualifiers": { "arch": "aarch64", "distroversion": "v3.12", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.7.17-r0", "latest_non_vulnerable_version": "2.7.18-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/99021?format=api", "vulnerability_id": "VCID-fwhj-bjfc-h3an", "summary": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16056.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75957", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00894", "scoring_system": "epss", "scoring_elements": "0.75982", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749839", "reference_id": "1749839", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749839" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940901", "reference_id": "940901", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3725", "reference_id": "RHSA-2019:3725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3948", "reference_id": "RHSA-2019:3948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1131", "reference_id": "RHSA-2020:1131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1132", "reference_id": "RHSA-2020:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1605", "reference_id": "RHSA-2020:1605", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1605" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1764", "reference_id": "RHSA-2020:1764", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1764" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2520", "reference_id": "RHSA-2020:2520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2520" }, { "reference_url": "https://usn.ubuntu.com/4151-1/", "reference_id": "USN-4151-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4151-1/" }, { "reference_url": "https://usn.ubuntu.com/4151-2/", "reference_id": "USN-4151-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4151-2/" }, { "reference_url": "https://usn.ubuntu.com/6891-1/", "reference_id": "USN-6891-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6891-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/415279?format=api", "purl": "pkg:apk/alpine/python2@2.7.16-r3?arch=aarch64&distroversion=v3.12&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/python2@2.7.16-r3%3Farch=aarch64&distroversion=v3.12&reponame=main" } ], "aliases": [ "CVE-2019-16056" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwhj-bjfc-h3an" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74551?format=api", "vulnerability_id": "VCID-ru8s-bq99-9bhd", "summary": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16935.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16935.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16935", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02456", "scoring_system": "epss", "scoring_elements": "0.85499", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02456", "scoring_system": "epss", "scoring_elements": "0.85523", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16935" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027149", "reference_id": "1027149", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027149" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1763229", "reference_id": "1763229", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1763229" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1605", "reference_id": "RHSA-2020:1605", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1605" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3888", "reference_id": "RHSA-2020:3888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3911", "reference_id": "RHSA-2020:3911", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3911" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4285", "reference_id": "RHSA-2020:4285", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4433", "reference_id": "RHSA-2020:4433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4151-1/", "reference_id": "USN-4151-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4151-1/" }, { "reference_url": "https://usn.ubuntu.com/4151-2/", "reference_id": "USN-4151-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4151-2/" }, { "reference_url": "https://usn.ubuntu.com/6891-1/", "reference_id": "USN-6891-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6891-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/415279?format=api", "purl": "pkg:apk/alpine/python2@2.7.16-r3?arch=aarch64&distroversion=v3.12&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/python2@2.7.16-r3%3Farch=aarch64&distroversion=v3.12&reponame=main" } ], "aliases": [ "CVE-2019-16935" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ru8s-bq99-9bhd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/python2@2.7.16-r3%3Farch=aarch64&distroversion=v3.12&reponame=main" }