Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/510?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/510?format=api", "purl": "pkg:apache/httpd@1.3.42", "type": "apache", "namespace": "", "name": "httpd", "version": "1.3.42", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.65", "latest_non_vulnerable_version": "2.4.54", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3729?format=api", "vulnerability_id": "VCID-prd8-51a5-pygj", "summary": "An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released.\nPatches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3368.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3368.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76893", "scoring_system": "epss", "scoring_elements": "0.98968", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.76893", "scoring_system": "epss", "scoring_elements": "0.98966", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99059", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99062", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99063", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99064", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99066", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99067", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99069", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99071", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.79136", "scoring_system": "epss", "scoring_elements": "0.99054", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=740045", "reference_id": "740045", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740045" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2011-3368.json", "reference_id": "CVE-2011-3368", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2011-3368.json" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17969.py", "reference_id": "CVE-2011-3368;OSVDB-76079", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17969.py" }, { "reference_url": "https://security.gentoo.org/glsa/201206-25", "reference_id": "GLSA-201206-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1391", "reference_id": "RHSA-2011:1391", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1391" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1392", "reference_id": "RHSA-2011:1392", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1392" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0542", "reference_id": "RHSA-2012:0542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0543", "reference_id": "RHSA-2012:0543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0543" }, { "reference_url": "https://usn.ubuntu.com/1259-1/", "reference_id": "USN-1259-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1259-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/514?format=api", "purl": "pkg:apache/httpd@2.0.65", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.0.65" }, { "url": "http://public2.vulnerablecode.io/api/packages/518?format=api", "purl": "pkg:apache/httpd@2.2.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-1bv2-mkj8-ubaz" }, { "vulnerability": "VCID-1d24-sy5z-jfhh" }, { "vulnerability": "VCID-1zk6-7wv2-ukcz" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-6bez-sgg8-cbbq" }, { "vulnerability": "VCID-6pzx-1e5t-xbes" }, { "vulnerability": "VCID-8axm-4anr-27ht" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-ese4-47tg-efbw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-ke1s-451y-p3cz" }, { "vulnerability": "VCID-kpew-rarv-83dg" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-rhk3-ujc1-q7fj" }, { "vulnerability": "VCID-ssvj-7g27-1ug6" }, { "vulnerability": "VCID-tbud-pwyt-aye9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.22" } ], "aliases": [ "CVE-2011-3368" ], "risk_score": 9.6, "exploitability": "2.0", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-prd8-51a5-pygj" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3718?format=api", "vulnerability_id": "VCID-123w-f3zc-37d9", "summary": "An incorrect conversion between numeric types flaw was found in the mod_proxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted response.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97713", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97677", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97683", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97684", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97685", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97692", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97695", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97697", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97698", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97704", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.47445", "scoring_system": "epss", "scoring_elements": "0.97708", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0010" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2010-0010.json", "reference_id": "CVE-2010-0010", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2010-0010.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510?format=api", "purl": "pkg:apache/httpd@1.3.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-prd8-51a5-pygj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@1.3.42" } ], "aliases": [ "CVE-2010-0010" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-123w-f3zc-37d9" } ], "risk_score": "9.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@1.3.42" }