Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/5112?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/5112?format=api", "purl": "pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1%2Bdeb9u1", "type": "deb", "namespace": "debian", "name": "libvorbisidec", "version": "1.0.2+svn18153-1+deb9u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.2.1+git20180316-3", "latest_non_vulnerable_version": "1.2.1+git20180316-3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1479?format=api", "vulnerability_id": "VCID-dn6k-uzwy-8fbj", "summary": "The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.*Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52 instead of the released source.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147" }, { "reference_url": "https://security.archlinux.org/AVG-659", "reference_id": "AVG-659", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-659" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-08", "reference_id": "mfsa2018-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6164?format=api", "purl": "pkg:deb/debian/libvorbisidec@1.2.1%2Bgit20180316-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.2.1%252Bgit20180316-3" } ], "aliases": [ "CVE-2018-5147" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dn6k-uzwy-8fbj" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1479?format=api", "vulnerability_id": "VCID-dn6k-uzwy-8fbj", "summary": "The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.*Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52 instead of the released source.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147" }, { "reference_url": "https://security.archlinux.org/AVG-659", "reference_id": "AVG-659", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-659" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-08", "reference_id": "mfsa2018-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4781?format=api", "purl": "pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1~deb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn6k-uzwy-8fbj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-1~deb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5112?format=api", "purl": "pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dn6k-uzwy-8fbj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-1%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6164?format=api", "purl": "pkg:deb/debian/libvorbisidec@1.2.1%2Bgit20180316-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.2.1%252Bgit20180316-3" } ], "aliases": [ "CVE-2018-5147" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dn6k-uzwy-8fbj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-1%252Bdeb9u1" }