Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52427?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52427?format=api", "purl": "pkg:npm/keystone@0.3.16", "type": "npm", "namespace": "", "name": "keystone", "version": "0.3.16", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.0.2", "latest_non_vulnerable_version": "5.5.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39807?format=api", "vulnerability_id": "VCID-qs56-6vgh-6uaz", "summary": "Authentication Weakness in keystone\nDue to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. A correct password is still required to complete sign in.", "references": [ { "reference_url": "https://nodesecurity.io/advisories/60", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nodesecurity.io/advisories/60" }, { "reference_url": "https://www.npmjs.com/advisories/60", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/advisories/60" }, { "reference_url": "https://www.npmjs.com/package/keystone", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.npmjs.com/package/keystone" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9240", "reference_id": "CVE-2015-9240", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9240" }, { "reference_url": "https://github.com/advisories/GHSA-39pj-gq8q-9pfj", "reference_id": "GHSA-39pj-gq8q-9pfj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-39pj-gq8q-9pfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52427?format=api", "purl": "pkg:npm/keystone@0.3.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/keystone@0.3.16" } ], "aliases": [ "CVE-2015-9240", "GHSA-39pj-gq8q-9pfj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qs56-6vgh-6uaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37960?format=api", "vulnerability_id": "VCID-yynq-xbdy-2ff7", "summary": "Authentication Weakness\nDue to a bug in the the default sign in functionality, incomplete email addresses could be matched. A correct password is still required to complete sign in.", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52427?format=api", "purl": "pkg:npm/keystone@0.3.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/keystone@0.3.16" } ], "aliases": [ "GMS-2015-50" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yynq-xbdy-2ff7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/keystone@0.3.16" }