VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/470435?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/470435?format=api",
    "purl": "pkg:apk/alpine/openssl@3.0.3-r0?arch=x86_64&distroversion=edge&reponame=main",
    "type": "apk",
    "namespace": "alpine",
    "name": "openssl",
    "version": "3.0.3-r0",
    "qualifiers": {
        "arch": "x86_64",
        "distroversion": "edge",
        "reponame": "main"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "3.0.5-r0",
    "latest_non_vulnerable_version": "3.5.6-r0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14301?format=api",
            "vulnerability_id": "VCID-ttju-tw1d-f3ay",
            "summary": "Improper Certificate Validation\nThe function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL \"ocsp\" application. When verifying an ocsp response with the \"-no_cert_checks\" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1343",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34815",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34643",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3486",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34887",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34766",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3481",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34838",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34843",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34805",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00145",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3478",
                            "published_at": "2026-04-13T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1343"
                },
                {
                    "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"
                        }
                    ],
                    "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/github/advisory-database/issues/405",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/github/advisory-database/issues/405"
                },
                {
                    "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"
                },
                {
                    "reference_url": "https://rustsec.org/advisories/RUSTSEC-2022-0027.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://rustsec.org/advisories/RUSTSEC-2022-0027.html"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20220602-0009",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.netapp.com/advisory/ntap-20220602-0009"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20220602-0009/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"
                        }
                    ],
                    "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
                },
                {
                    "reference_url": "https://www.openssl.org/news/secadv/20220503.txt",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"
                        }
                    ],
                    "url": "https://www.openssl.org/news/secadv/20220503.txt"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087911",
                    "reference_id": "2087911",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087911"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1343",
                    "reference_id": "CVE-2022-1343",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1343"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mfm6-r9g2-q4r7",
                    "reference_id": "GHSA-mfm6-r9g2-q4r7",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-mfm6-r9g2-q4r7"
                },
                {
                    "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a",
                    "reference_id": "?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/"
                        }
                    ],
                    "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2022:6224",
                    "reference_id": "RHSA-2022:6224",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2022:6224"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/5402-1/",
                    "reference_id": "USN-5402-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/5402-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/470435?format=api",
                    "purl": "pkg:apk/alpine/openssl@3.0.3-r0?arch=x86_64&distroversion=edge&reponame=main",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.3-r0%3Farch=x86_64&distroversion=edge&reponame=main"
                }
            ],
            "aliases": [
                "CVE-2022-1343",
                "GHSA-mfm6-r9g2-q4r7"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttju-tw1d-f3ay"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14306?format=api",
            "vulnerability_id": "VCID-wxvb-73gj-p3eu",
            "summary": "Use of a Broken or Risky Cryptographic Algorithm\nThe OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1434.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1434.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1434",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20656",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2067",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20722",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20766",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20695",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20746",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20686",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.2061",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20895",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00067",
                            "scoring_system": "epss",
                            "scoring_elements": "0.20838",
                            "published_at": "2026-04-02T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1434"
                },
                {
                    "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/github/advisory-database/issues/405",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/github/advisory-database/issues/405"
                },
                {
                    "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7d56a74a96828985db7354a55227a511615f732b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7d56a74a96828985db7354a55227a511615f732b"
                },
                {
                    "reference_url": "https://rustsec.org/advisories/RUSTSEC-2022-0026.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://rustsec.org/advisories/RUSTSEC-2022-0026.html"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20220602-0009",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.netapp.com/advisory/ntap-20220602-0009"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20220602-0009/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
                },
                {
                    "reference_url": "https://www.openssl.org/news/secadv/20220503.txt",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.openssl.org/news/secadv/20220503.txt"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087912",
                    "reference_id": "2087912",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087912"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1434",
                    "reference_id": "CVE-2022-1434",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.9",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1434"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-638m-m8mh-7gw2",
                    "reference_id": "GHSA-638m-m8mh-7gw2",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-638m-m8mh-7gw2"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/5402-1/",
                    "reference_id": "USN-5402-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/5402-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/470435?format=api",
                    "purl": "pkg:apk/alpine/openssl@3.0.3-r0?arch=x86_64&distroversion=edge&reponame=main",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.3-r0%3Farch=x86_64&distroversion=edge&reponame=main"
                }
            ],
            "aliases": [
                "CVE-2022-1434",
                "GHSA-638m-m8mh-7gw2"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxvb-73gj-p3eu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14305?format=api",
            "vulnerability_id": "VCID-zhwv-pq2x-8bey",
            "summary": "Improper Resource Shutdown or Release\nThe `OPENSSL_LH_flush()` function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1473",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00331",
                            "scoring_system": "epss",
                            "scoring_elements": "0.56097",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00331",
                            "scoring_system": "epss",
                            "scoring_elements": "0.55926",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00331",
                            "scoring_system": "epss",
                            "scoring_elements": "0.56037",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00331",
                            "scoring_system": "epss",
                            "scoring_elements": "0.56058",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00331",
                            "scoring_system": "epss",
                            "scoring_elements": "0.56036",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00331",
                            "scoring_system": "epss",
                            "scoring_elements": "0.56087",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00331",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5609",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00331",
                            "scoring_system": "epss",
                            "scoring_elements": "0.56102",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00331",
                            "scoring_system": "epss",
                            "scoring_elements": "0.56079",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00331",
                            "scoring_system": "epss",
                            "scoring_elements": "0.56062",
                            "published_at": "2026-04-13T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1473"
                },
                {
                    "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"
                        }
                    ],
                    "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
                },
                {
                    "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
                },
                {
                    "reference_url": "https://github.com/github/advisory-database/issues/405",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/github/advisory-database/issues/405"
                },
                {
                    "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1"
                },
                {
                    "reference_url": "https://rustsec.org/advisories/RUSTSEC-2022-0025.html",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://rustsec.org/advisories/RUSTSEC-2022-0025.html"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20220602-0009",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.netapp.com/advisory/ntap-20220602-0009"
                },
                {
                    "reference_url": "https://security.netapp.com/advisory/ntap-20220602-0009/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"
                        }
                    ],
                    "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
                },
                {
                    "reference_url": "https://www.openssl.org/news/secadv/20220503.txt",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"
                        }
                    ],
                    "url": "https://www.openssl.org/news/secadv/20220503.txt"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087913",
                    "reference_id": "2087913",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087913"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1473",
                    "reference_id": "CVE-2022-1473",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1473"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-g323-fr93-4j3c",
                    "reference_id": "GHSA-g323-fr93-4j3c",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "HIGH",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-g323-fr93-4j3c"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/202210-02",
                    "reference_id": "GLSA-202210-02",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"
                        }
                    ],
                    "url": "https://security.gentoo.org/glsa/202210-02"
                },
                {
                    "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1",
                    "reference_id": "?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/"
                        }
                    ],
                    "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2022:6224",
                    "reference_id": "RHSA-2022:6224",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2022:6224"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/5402-1/",
                    "reference_id": "USN-5402-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/5402-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/5402-2/",
                    "reference_id": "USN-5402-2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/5402-2/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/470435?format=api",
                    "purl": "pkg:apk/alpine/openssl@3.0.3-r0?arch=x86_64&distroversion=edge&reponame=main",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.3-r0%3Farch=x86_64&distroversion=edge&reponame=main"
                }
            ],
            "aliases": [
                "CVE-2022-1473",
                "GHSA-g323-fr93-4j3c"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhwv-pq2x-8bey"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.3-r0%3Farch=x86_64&distroversion=edge&reponame=main"
}

Package Instance