Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4341?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4341?format=api", "purl": "pkg:deb/debian/perl@5.8.4-8sarge6", "type": "deb", "namespace": "debian", "name": "perl", "version": "5.8.4-8sarge6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.36.0-7+deb12u3", "latest_non_vulnerable_version": "5.36.0-7+deb12u3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97831?format=api", "vulnerability_id": "VCID-5q5y-jrh7-wqdy", "summary": "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2381.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27444", "scoring_system": "epss", "scoring_elements": "0.96511", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1309214", "reference_id": "1309214", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1309214" }, { "reference_url": "https://security.gentoo.org/glsa/201701-75", "reference_id": "GLSA-201701-75", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-75" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6206", "reference_id": "RHSA-2026:6206", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6206" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4346?format=api", "purl": "pkg:deb/debian/perl@5.14.2-21%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6sya-vave-ckgn" }, { "vulnerability": "VCID-dx7d-j7be-93e7" }, { "vulnerability": "VCID-ktn9-tw2d-37ex" }, { "vulnerability": "VCID-n1jt-6svb-x3e3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.14.2-21%252Bdeb7u3" } ], "aliases": [ "CVE-2016-2381" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5q5y-jrh7-wqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97835?format=api", "vulnerability_id": "VCID-6sya-vave-ckgn", "summary": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\\N{}' escape and the case-insensitive modifier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12837.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0244", "scoring_system": "epss", "scoring_elements": "0.85453", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091", "reference_id": "1492091", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875596", "reference_id": "875596", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6206", "reference_id": "RHSA-2026:6206", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6206" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4348?format=api", "purl": "pkg:deb/debian/perl@5.20.2-3%2Bdeb8u11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dx7d-j7be-93e7" }, { "vulnerability": "VCID-n1jt-6svb-x3e3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.20.2-3%252Bdeb8u11" } ], "aliases": [ "CVE-2017-12837" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6sya-vave-ckgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6400?format=api", "vulnerability_id": "VCID-dx7d-j7be-93e7", "summary": "information disclosure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12883.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04711", "scoring_system": "epss", "scoring_elements": "0.8956", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12883" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093", "reference_id": "1492093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875597", "reference_id": "875597", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875597" }, { "reference_url": "https://security.archlinux.org/AVG-500", "reference_id": "AVG-500", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6206", "reference_id": "RHSA-2026:6206", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6206" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4348?format=api", "purl": "pkg:deb/debian/perl@5.20.2-3%2Bdeb8u11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dx7d-j7be-93e7" }, { "vulnerability": "VCID-n1jt-6svb-x3e3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.20.2-3%252Bdeb8u11" }, { "url": "http://public2.vulnerablecode.io/api/packages/5136?format=api", "purl": "pkg:deb/debian/perl@5.24.1-3%2Bdeb9u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dx7d-j7be-93e7" }, { "vulnerability": "VCID-n1jt-6svb-x3e3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.24.1-3%252Bdeb9u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/5759?format=api", "purl": "pkg:deb/debian/perl@5.28.1-6%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n1jt-6svb-x3e3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.28.1-6%252Bdeb10u1" } ], "aliases": [ "CVE-2017-12883" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx7d-j7be-93e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97844?format=api", "vulnerability_id": "VCID-ktn9-tw2d-37ex", "summary": "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6913.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03896", "scoring_system": "epss", "scoring_elements": "0.88483", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6913" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547772", "reference_id": "1547772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6206", "reference_id": "RHSA-2026:6206", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6206" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4348?format=api", "purl": "pkg:deb/debian/perl@5.20.2-3%2Bdeb8u11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dx7d-j7be-93e7" }, { "vulnerability": "VCID-n1jt-6svb-x3e3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.20.2-3%252Bdeb8u11" } ], "aliases": [ "CVE-2018-6913" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktn9-tw2d-37ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3332?format=api", "vulnerability_id": "VCID-n1jt-6svb-x3e3", "summary": "signature forgery", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16156.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16156.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05559", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015985", "reference_id": "1015985", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015985" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035273", "reference_id": "2035273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035273" }, { "reference_url": "https://security.archlinux.org/AVG-2630", "reference_id": "AVG-2630", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8432", "reference_id": "RHSA-2025:8432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8432" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5761?format=api", "purl": "pkg:deb/debian/perl@5.36.0-7%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.36.0-7%252Bdeb12u3" } ], "aliases": [ "CVE-2020-16156" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n1jt-6svb-x3e3" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/perl@5.8.4-8sarge6" }