VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/485306?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/485306?format=api",
    "purl": "pkg:composer/automattic/jetpack@3.2.1",
    "type": "composer",
    "namespace": "automattic",
    "name": "jetpack",
    "version": "3.2.1",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": null,
    "latest_non_vulnerable_version": null,
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17925?format=api",
            "vulnerability_id": "VCID-pdbb-cknd-n7b4",
            "summary": "Improper Input Validation\nThe Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2996",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.03349",
                            "scoring_system": "epss",
                            "scoring_elements": "0.87529",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2996"
                },
                {
                    "reference_url": "https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-12-05T16:47:57Z/"
                        }
                    ],
                    "url": "https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/"
                },
                {
                    "reference_url": "https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "Track*",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-12-05T16:47:57Z/"
                        }
                    ],
                    "url": "https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2996",
                    "reference_id": "CVE-2023-2996",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2996"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/64609?format=api",
                    "purl": "pkg:composer/automattic/jetpack@12.1.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-zzg2-qvz6-jkfu"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@12.1.1"
                }
            ],
            "aliases": [
                "CVE-2023-2996"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pdbb-cknd-n7b4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172756?format=api",
            "vulnerability_id": "VCID-rnnx-3m97-fbg2",
            "summary": "",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-24374",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00789",
                            "scoring_system": "epss",
                            "scoring_elements": "0.74173",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-24374"
                },
                {
                    "reference_url": "https://github.com/Automattic/jetpack-production",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/Automattic/jetpack-production"
                },
                {
                    "reference_url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories"
                },
                {
                    "reference_url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/"
                },
                {
                    "reference_url": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24374",
                    "reference_id": "CVE-2021-24374",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24374"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-5hr6-r8h6-wh22",
                    "reference_id": "GHSA-5hr6-r8h6-wh22",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "MODERATE",
                            "scoring_system": "cvssv3.1_qr",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/advisories/GHSA-5hr6-r8h6-wh22"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/485729?format=api",
                    "purl": "pkg:composer/automattic/jetpack@9.8",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-pdbb-cknd-n7b4"
                        },
                        {
                            "vulnerability": "VCID-zzg2-qvz6-jkfu"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@9.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/77757?format=api",
                    "purl": "pkg:composer/automattic/jetpack@9.8.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@9.8.0"
                }
            ],
            "aliases": [
                "CVE-2021-24374",
                "GHSA-5hr6-r8h6-wh22"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rnnx-3m97-fbg2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18937?format=api",
            "vulnerability_id": "VCID-zzg2-qvz6-jkfu",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45050",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00275",
                            "scoring_system": "epss",
                            "scoring_elements": "0.51146",
                            "published_at": "2026-05-30T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45050"
                },
                {
                    "reference_url": "https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:22:32Z/"
                        }
                    ],
                    "url": "https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve"
                },
                {
                    "reference_url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
                        },
                        {
                            "value": "Track",
                            "scoring_system": "ssvc",
                            "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:22:32Z/"
                        }
                    ],
                    "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45050",
                    "reference_id": "CVE-2023-45050",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45050"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/641593?format=api",
                    "purl": "pkg:composer/automattic/jetpack@12.8-a.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@12.8-a.3"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/66793?format=api",
                    "purl": "pkg:composer/automattic/jetpack@12.8.0-a.3",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@12.8.0-a.3"
                }
            ],
            "aliases": [
                "CVE-2023-45050"
            ],
            "risk_score": null,
            "exploitability": "0.5",
            "weighted_severity": "0.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzg2-qvz6-jkfu"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@3.2.1"
}

Package Instance