Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52555?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52555?format=api", "purl": "pkg:composer/moodle/moodle@3.0.1", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.0.9", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38035?format=api", "vulnerability_id": "VCID-3kq3-v2u1-fyhz", "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `search_pagination` function in `course/classes/management_renderer.php` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted search string.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=326206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=326206" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0725", "reference_id": "CVE-2016-0725", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0725" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52558?format=api", "purl": "pkg:composer/moodle/moodle@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2" } ], "aliases": [ "CVE-2016-0725" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kq3-v2u1-fyhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38036?format=api", "vulnerability_id": "VCID-xmm4-zw49-3feh", "summary": "Information Exposure\nThe (1) `core_enrol_get_course_enrolment_methods` and (2) `enrol_self_get_instance_info` web services in Moodle do not consider the `moodle/course:viewhiddencourses` capability, which allows remote authenticated users to obtain sensitive information via a web-service request.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=326205", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=326205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0724", "reference_id": "CVE-2016-0724", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0724" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52558?format=api", "purl": "pkg:composer/moodle/moodle@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2" } ], "aliases": [ "CVE-2016-0724" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmm4-zw49-3feh" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.1" }