VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/50054?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/50054?format=api",
    "purl": "pkg:pypi/pillow@11.1.0",
    "type": "pypi",
    "namespace": "",
    "name": "pillow",
    "version": "11.1.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "12.2.0",
    "latest_non_vulnerable_version": "12.2.0",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37317?format=api",
            "vulnerability_id": "VCID-9hza-srk7-sucy",
            "summary": "Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0.",
            "references": [
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/releases/tag/12.2.0"
                },
                {
                    "reference_url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
                        }
                    ],
                    "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/50058?format=api",
                    "purl": "pkg:pypi/pillow@12.2.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@12.2.0"
                }
            ],
            "aliases": [
                "CVE-2026-42308",
                "GHSA-wjx4-4jcj-g98j",
                "PYSEC-2026-165"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hza-srk7-sucy"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pillow@11.1.0"
}

Package Instance