Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/438219?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/438219?format=api", "purl": "pkg:composer/elgg/elgg@2.3.9", "type": "composer", "namespace": "elgg", "name": "elgg", "version": "2.3.9", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.3.24", "latest_non_vulnerable_version": "4.0.5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206989?format=api", "vulnerability_id": "VCID-1mje-p69c-jbdf", "summary": "Information exposure in elgg", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.71128", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0064", "scoring_system": "epss", "scoring_elements": "0.71039", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3980" }, { "reference_url": "https://github.com/Elgg/Elgg", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Elgg/Elgg" }, { "reference_url": "https://github.com/elgg/elgg/commit/572d210e2392f1fdf47ff2f38665372a6535c126", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/elgg/elgg/commit/572d210e2392f1fdf47ff2f38665372a6535c126" }, { "reference_url": "https://github.com/Elgg/Elgg/pull/13791", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Elgg/Elgg/pull/13791" }, { "reference_url": "https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/1f43f11e-4bd8-451f-a244-dc9541cdc0ac" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3980", "reference_id": "CVE-2021-3980", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3980" }, { "reference_url": "https://github.com/advisories/GHSA-hx6g-q9v2-xh7v", "reference_id": "GHSA-hx6g-q9v2-xh7v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hx6g-q9v2-xh7v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18379?format=api", "purl": "pkg:composer/elgg/elgg@3.3.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xhqd-e7k3-qkep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/elgg/elgg@3.3.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/527429?format=api", "purl": "pkg:composer/elgg/elgg@4.0.0-beta.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/elgg/elgg@4.0.0-beta.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/18381?format=api", "purl": "pkg:composer/elgg/elgg@4.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/elgg/elgg@4.0.5" } ], "aliases": [ "CVE-2021-3980", "GHSA-hx6g-q9v2-xh7v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1mje-p69c-jbdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206773?format=api", "vulnerability_id": "VCID-6r5u-vv41-a7ga", "summary": "elgg is vulnerable to Authorization Bypass Through User-Controlled Key", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39346", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39174", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3964" }, { "reference_url": "https://github.com/elgg/elgg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/elgg/elgg" }, { "reference_url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/elgg/elgg/commit/d9fcad76ee380ea17edd61d13d0f87828ea3f744" }, { "reference_url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/a4df45d6-b739-4299-967f-c960b569383a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3964", "reference_id": "CVE-2021-3964", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3964" }, { "reference_url": "https://github.com/advisories/GHSA-gwpx-q2h9-wxgx", "reference_id": "GHSA-gwpx-q2h9-wxgx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gwpx-q2h9-wxgx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18177?format=api", "purl": "pkg:composer/elgg/elgg@3.3.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mje-p69c-jbdf" }, { "vulnerability": "VCID-xhqd-e7k3-qkep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/elgg/elgg@3.3.22" } ], "aliases": [ "CVE-2021-3964", "GHSA-gwpx-q2h9-wxgx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6r5u-vv41-a7ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/309826?format=api", "vulnerability_id": "VCID-8635-b641-sfas", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46354", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46499", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11016" }, { "reference_url": "https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://elgg.org/blog/view/2913744/security-release-elgg-11218-and-2311" }, { "reference_url": "https://github.com/Elgg/Elgg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Elgg/Elgg" }, { "reference_url": "https://github.com/Elgg/Elgg/releases/tag/1.12.18", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Elgg/Elgg/releases/tag/1.12.18" }, { "reference_url": "https://github.com/Elgg/Elgg/releases/tag/2.3.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Elgg/Elgg/releases/tag/2.3.11" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11016", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11016" }, { "reference_url": "https://github.com/advisories/GHSA-r6h7-846c-8m78", "reference_id": "GHSA-r6h7-846c-8m78", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6h7-846c-8m78" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/385191?format=api", "purl": "pkg:composer/elgg/elgg@2.3.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1mje-p69c-jbdf" }, { "vulnerability": "VCID-6r5u-vv41-a7ga" }, { "vulnerability": "VCID-xhqd-e7k3-qkep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/elgg/elgg@2.3.11" } ], "aliases": [ "CVE-2019-11016", "GHSA-r6h7-846c-8m78" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8635-b641-sfas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207111?format=api", "vulnerability_id": "VCID-xhqd-e7k3-qkep", "summary": "elgg is vulnerable to Cross-site Scripting", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56473", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0033", "scoring_system": "epss", "scoring_elements": "0.56354", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4072" }, { "reference_url": "https://github.com/elgg/elgg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/elgg/elgg" }, { "reference_url": "https://github.com/elgg/elgg/commit/c30b17bf75256ed3fcc84e2083147cc3951423d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/elgg/elgg/commit/c30b17bf75256ed3fcc84e2083147cc3951423d0" }, { "reference_url": "https://huntr.dev/bounties/74034253-732a-4251-a0f9-eca5f576c955", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/74034253-732a-4251-a0f9-eca5f576c955" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4072", "reference_id": "CVE-2021-4072", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4072" }, { "reference_url": "https://github.com/advisories/GHSA-2xw8-j43j-5vxp", "reference_id": "GHSA-2xw8-j43j-5vxp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xw8-j43j-5vxp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18498?format=api", "purl": "pkg:composer/elgg/elgg@3.3.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/elgg/elgg@3.3.24" } ], "aliases": [ "CVE-2021-4072", "GHSA-2xw8-j43j-5vxp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhqd-e7k3-qkep" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/elgg/elgg@2.3.9" }