Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/420682?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/420682?format=api", "purl": "pkg:gem/omniauth@1.0.0.pr1", "type": "gem", "namespace": "", "name": "omniauth", "version": "1.0.0.pr1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.0", "latest_non_vulnerable_version": "2.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208004?format=api", "vulnerability_id": "VCID-gtk5-xfmf-97ag", "summary": "lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36599", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70517", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70426", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36599" }, { "reference_url": "https://github.com/omniauth/omniauth", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth" }, { "reference_url": "https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00#diff-575abda9deb9b1a77bf534e898a923029b9a61e991d626db88dc6e8b34260aa2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00#diff-575abda9deb9b1a77bf534e898a923029b9a61e991d626db88dc6e8b34260aa2" }, { "reference_url": "https://rubygems.org/gems/omniauth/versions/1.9.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubygems.org/gems/omniauth/versions/1.9.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36599", "reference_id": "CVE-2020-36599", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36599" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2020-36599.yml", "reference_id": "CVE-2020-36599.YML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2020-36599.yml" }, { "reference_url": "https://github.com/advisories/GHSA-pm55-qfxr-h247", "reference_id": "GHSA-pm55-qfxr-h247", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pm55-qfxr-h247" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15291?format=api", "purl": "pkg:gem/omniauth@1.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v81q-9689-5uea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/omniauth@1.9.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/15292?format=api", "purl": "pkg:gem/omniauth@2.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/omniauth@2.0.0" } ], "aliases": [ "CVE-2020-36599", "GHSA-pm55-qfxr-h247" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gtk5-xfmf-97ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203645?format=api", "vulnerability_id": "VCID-v81q-9689-5uea", "summary": "OmniAuth Ruby gem Cross-site Request Forgery in request phase", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9284.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9284.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.6264", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62742", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284" }, { "reference_url": "https://github.com/omniauth/omniauth", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth" }, { "reference_url": "https://github.com/omniauth/omniauth/issues/1031", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth/issues/1031" }, { "reference_url": "https://github.com/omniauth/omniauth/pull/809", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth/pull/809" }, { "reference_url": "https://github.com/omniauth/omniauth-rails/pull/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth-rails/pull/1" }, { "reference_url": "https://github.com/omniauth/omniauth/releases/tag/v1.9.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth/releases/tag/v1.9.2" }, { "reference_url": "https://github.com/omniauth/omniauth/releases/tag/v2.0.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth/releases/tag/v2.0.0" }, { "reference_url": "https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/commit/aef9f623c0be838234d53baf18977564804da397", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/commit/aef9f623c0be838234d53baf18977564804da397" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2015/05/26/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2015/05/26/11" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1707375", "reference_id": "1707375", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1707375" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973384", "reference_id": "973384", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973384" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9284", "reference_id": "CVE-2015-9284", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9284" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2015-9284.yml", "reference_id": "CVE-2015-9284.YML", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2015-9284.yml" }, { "reference_url": "https://github.com/advisories/GHSA-ww4x-rwq6-qpgf", "reference_id": "GHSA-ww4x-rwq6-qpgf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ww4x-rwq6-qpgf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/15292?format=api", "purl": "pkg:gem/omniauth@2.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/omniauth@2.0.0" } ], "aliases": [ "CVE-2015-9284", "GHSA-ww4x-rwq6-qpgf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v81q-9689-5uea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169727?format=api", "vulnerability_id": "VCID-xqas-uqre-buhk", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63695", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63593", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18076" }, { "reference_url": "https://bugs.debian.org/888523", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.debian.org/888523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18076" }, { "reference_url": "https://github.com/omniauth/omniauth", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth" }, { "reference_url": "https://github.com/omniauth/omniauth/pull/867", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth/pull/867" }, { "reference_url": "https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/omniauth/omniauth/pull/867/commits/71866c5264122e196847a3980c43051446a03e9b" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4109", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4109" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888523", "reference_id": "888523", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888523" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18076", "reference_id": "CVE-2017-18076", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18076" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2017-18076.yml", "reference_id": "CVE-2017-18076.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth/CVE-2017-18076.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9pr6-grf4-x2fr", "reference_id": "GHSA-9pr6-grf4-x2fr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9pr6-grf4-x2fr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13078?format=api", "purl": "pkg:gem/omniauth@1.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gtk5-xfmf-97ag" }, { "vulnerability": "VCID-v81q-9689-5uea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/omniauth@1.3.2" } ], "aliases": [ "CVE-2017-18076", "GHSA-9pr6-grf4-x2fr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqas-uqre-buhk" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/omniauth@1.0.0.pr1" }