Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52823?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52823?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.19", "type": "composer", "namespace": "zendframework", "name": "zendframework1", "version": "1.12.19", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.12.20", "latest_non_vulnerable_version": "1.12.20", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38208?format=api", "vulnerability_id": "VCID-rc3w-5r97-k3b3", "summary": "Potential SQL injection in ORDER and GROUP functions\nThe implementation of ORDER BY and GROUP BY in `Zend_Db_Select` is prone to SQL injection when a combination of SQL expressions and comments are used.", "references": [ { "reference_url": "https://framework.zend.com/security/advisory/ZF2016-03", "reference_id": "", "reference_type": "", "scores": [], "url": "https://framework.zend.com/security/advisory/ZF2016-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52880?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.20" } ], "aliases": [ "ZF2016-03" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc3w-5r97-k3b3" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38158?format=api", "vulnerability_id": "VCID-2xx4-77e9-pfbb", "summary": "Potential SQL injection\nThe implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` of ZF1 is vulnerable by the following SQL injection.", "references": [ { "reference_url": "https://framework.zend.com/security/advisory/ZF2016-02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://framework.zend.com/security/advisory/ZF2016-02" }, { "reference_url": "https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52823?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rc3w-5r97-k3b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19" } ], "aliases": [ "ZF2016-02" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xx4-77e9-pfbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38482?format=api", "vulnerability_id": "VCID-bjvu-jg9w-mqdd", "summary": "SQL Injection\nThe (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern `[\\w]*` in a regular expression.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01724", "scoring_system": "epss", "scoring_elements": "0.82763", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6233" }, { "reference_url": "https://framework.zend.com/security/advisory/ZF2016-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://framework.zend.com/security/advisory/ZF2016-02" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml" }, { "reference_url": "https://github.com/zendframework/zendframework", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zendframework" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT" }, { "reference_url": "https://security.gentoo.org/glsa/201804-10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201804-10" }, { "reference_url": "https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802" }, { "reference_url": "http://www.securityfocus.com/bid/91802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91802" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6233", "reference_id": "CVE-2016-6233", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6233" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52823?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rc3w-5r97-k3b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19" } ], "aliases": [ "CVE-2016-6233", "GHSA-p9hp-3gpv-52w3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjvu-jg9w-mqdd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19" }