Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/491555?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/491555?format=api", "purl": "pkg:composer/typo3/cms-form@11.1.0", "type": "composer", "namespace": "typo3", "name": "cms-form", "version": "11.1.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "12.4.25", "latest_non_vulnerable_version": "14.3.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/334264?format=api", "vulnerability_id": "VCID-91ky-rf6s-mudv", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59849", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59957", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59968", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.5996", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21358" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21358.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21358.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21358.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21358.yaml" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21358", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21358" }, { "reference_url": "https://packagist.org/packages/typo3/cms-form", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/typo3/cms-form" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-004" }, { "reference_url": "https://github.com/advisories/GHSA-x79j-wgqv-g8h2", "reference_id": "GHSA-x79j-wgqv-g8h2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x79j-wgqv-g8h2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382966?format=api", "purl": "pkg:composer/typo3/cms-form@11.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v7x2-zg4n-9yb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@11.1.1" } ], "aliases": [ "CVE-2021-21358", "GHSA-x79j-wgqv-g8h2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91ky-rf6s-mudv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/334262?format=api", "vulnerability_id": "VCID-k2ma-t35n-abha", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.62172", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.62274", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.62285", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.6228", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21355" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21355", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21355" }, { "reference_url": "https://packagist.org/packages/typo3/cms-form", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/typo3/cms-form" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-002" }, { "reference_url": "https://github.com/advisories/GHSA-2r6j-862c-m2v2", "reference_id": "GHSA-2r6j-862c-m2v2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2r6j-862c-m2v2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382966?format=api", "purl": "pkg:composer/typo3/cms-form@11.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v7x2-zg4n-9yb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@11.1.1" } ], "aliases": [ "CVE-2021-21355", "GHSA-2r6j-862c-m2v2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2ma-t35n-abha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59521?format=api", "vulnerability_id": "VCID-v7x2-zg4n-9yb2", "summary": "TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none The vulnerability in the affected downstream component “Form Framework Module” allows attackers to manipulate or delete persisted form definitions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40759", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40769", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40782", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40591", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55922" }, { "reference_url": "https://github.com/TYPO3-CMS/form", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3-CMS/form" }, { "reference_url": "https://github.com/TYPO3-CMS/form/commit/93327743f5dfd31c44898ce16e3e004e05f8ba5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3-CMS/form/commit/93327743f5dfd31c44898ce16e3e004e05f8ba5f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55922", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55922" }, { "reference_url": "https://github.com/advisories/GHSA-ww7h-g2qf-7xv6", "reference_id": "GHSA-ww7h-g2qf-7xv6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ww7h-g2qf-7xv6" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ww7h-g2qf-7xv6", "reference_id": "GHSA-ww7h-g2qf-7xv6", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:42:02Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ww7h-g2qf-7xv6" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2025-007", "reference_id": "typo3-core-sa-2025-007", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T19:42:02Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-007" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376997?format=api", "purl": "pkg:composer/typo3/cms-form@11.5.42", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@11.5.42" }, { "url": "http://public2.vulnerablecode.io/api/packages/376998?format=api", "purl": "pkg:composer/typo3/cms-form@12.4.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@12.4.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/376999?format=api", "purl": "pkg:composer/typo3/cms-form@13.4.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@13.4.3" } ], "aliases": [ "CVE-2024-55922", "GHSA-ww7h-g2qf-7xv6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7x2-zg4n-9yb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/334263?format=api", "vulnerability_id": "VCID-wmvt-9z94-qkak", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78658", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78724", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.7874", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78736", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21357" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21357", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21357" }, { "reference_url": "https://packagist.org/packages/typo3/cms-form", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/typo3/cms-form" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-003" }, { "reference_url": "https://github.com/advisories/GHSA-3vg7-jw9m-pc3f", "reference_id": "GHSA-3vg7-jw9m-pc3f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vg7-jw9m-pc3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382966?format=api", "purl": "pkg:composer/typo3/cms-form@11.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-v7x2-zg4n-9yb2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@11.1.1" } ], "aliases": [ "CVE-2021-21357", "GHSA-3vg7-jw9m-pc3f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmvt-9z94-qkak" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-form@11.1.0" }