VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/532385?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/532385?format=api",
    "purl": "pkg:apk/alpine/firefox@89.0-r0?arch=x86_64&distroversion=v3.18&reponame=community",
    "type": "apk",
    "namespace": "alpine",
    "name": "firefox",
    "version": "89.0-r0",
    "qualifiers": {
        "arch": "x86_64",
        "distroversion": "v3.18",
        "reponame": "community"
    },
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "90.0-r0",
    "latest_non_vulnerable_version": "119.0-r0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63229?format=api",
            "vulnerability_id": "VCID-1kfj-m46a-bkd9",
            "summary": "A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog.\n*This bug only affects Firefox for Android. Other operating systems are unaffected.*",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29965",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53705",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53578",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53663",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53701",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53601",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53629",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53599",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5365",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53648",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.53697",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00304",
                            "scoring_system": "epss",
                            "scoring_elements": "0.5368",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29965"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2019",
                    "reference_id": "AVG-2019",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2019"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23",
                    "reference_id": "mfsa2021-23",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/532385?format=api",
                    "purl": "pkg:apk/alpine/firefox@89.0-r0?arch=x86_64&distroversion=v3.18&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@89.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2021-29965"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1kfj-m46a-bkd9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49747?format=api",
            "vulnerability_id": "VCID-2vy5-zebk-1bgk",
            "summary": "Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which could result in the arbitrary execution of code.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29961",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54757",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54631",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54738",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54716",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54701",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54724",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54694",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54746",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54742",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54754",
                            "published_at": "2026-04-16T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29961"
                },
                {
                    "reference_url": "https://security.archlinux.org/ASA-202106-3",
                    "reference_id": "ASA-202106-3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.archlinux.org/ASA-202106-3"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2018",
                    "reference_id": "AVG-2018",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2018"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/202107-09",
                    "reference_id": "GLSA-202107-09",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/202107-09"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23",
                    "reference_id": "mfsa2021-23",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/4978-1/",
                    "reference_id": "USN-4978-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/4978-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/532385?format=api",
                    "purl": "pkg:apk/alpine/firefox@89.0-r0?arch=x86_64&distroversion=v3.18&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@89.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2021-29961"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vy5-zebk-1bgk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49746?format=api",
            "vulnerability_id": "VCID-7knr-6rqg-8kcw",
            "summary": "Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which could result in the arbitrary execution of code.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29960",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00424",
                            "scoring_system": "epss",
                            "scoring_elements": "0.62236",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00424",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6207",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00424",
                            "scoring_system": "epss",
                            "scoring_elements": "0.62185",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00424",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6223",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00424",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6213",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00424",
                            "scoring_system": "epss",
                            "scoring_elements": "0.62162",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00424",
                            "scoring_system": "epss",
                            "scoring_elements": "0.62181",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00424",
                            "scoring_system": "epss",
                            "scoring_elements": "0.62198",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00424",
                            "scoring_system": "epss",
                            "scoring_elements": "0.62216",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00424",
                            "scoring_system": "epss",
                            "scoring_elements": "0.62206",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29960"
                },
                {
                    "reference_url": "https://security.archlinux.org/ASA-202106-3",
                    "reference_id": "ASA-202106-3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.archlinux.org/ASA-202106-3"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2018",
                    "reference_id": "AVG-2018",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2018"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/202107-09",
                    "reference_id": "GLSA-202107-09",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/202107-09"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23",
                    "reference_id": "mfsa2021-23",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/4978-1/",
                    "reference_id": "USN-4978-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/4978-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/532385?format=api",
                    "purl": "pkg:apk/alpine/firefox@89.0-r0?arch=x86_64&distroversion=v3.18&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@89.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2021-29960"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7knr-6rqg-8kcw"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31115?format=api",
            "vulnerability_id": "VCID-dedv-96fb-vyhp",
            "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.",
            "references": [
                {
                    "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29967.json",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv3",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                        }
                    ],
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29967.json"
                },
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29967",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58536",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58521",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58538",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58519",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58499",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58531",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58386",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58471",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58491",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58463",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00365",
                            "scoring_system": "epss",
                            "scoring_elements": "0.58515",
                            "published_at": "2026-04-08T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29967"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29956",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29956"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29957",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29957"
                },
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29967"
                },
                {
                    "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966831",
                    "reference_id": "1966831",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966831"
                },
                {
                    "reference_url": "https://security.archlinux.org/ASA-202106-22",
                    "reference_id": "ASA-202106-22",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.archlinux.org/ASA-202106-22"
                },
                {
                    "reference_url": "https://security.archlinux.org/ASA-202106-3",
                    "reference_id": "ASA-202106-3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.archlinux.org/ASA-202106-3"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2018",
                    "reference_id": "AVG-2018",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2018"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2035",
                    "reference_id": "AVG-2035",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2035"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/202208-14",
                    "reference_id": "GLSA-202208-14",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/202208-14"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23",
                    "reference_id": "mfsa2021-23",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-24",
                    "reference_id": "mfsa2021-24",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-24"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-26",
                    "reference_id": "mfsa2021-26",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-26"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:2206",
                    "reference_id": "RHSA-2021:2206",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:2206"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:2208",
                    "reference_id": "RHSA-2021:2208",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:2208"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:2214",
                    "reference_id": "RHSA-2021:2214",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:2214"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:2233",
                    "reference_id": "RHSA-2021:2233",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:2233"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:2261",
                    "reference_id": "RHSA-2021:2261",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:2261"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:2262",
                    "reference_id": "RHSA-2021:2262",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:2262"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:2263",
                    "reference_id": "RHSA-2021:2263",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:2263"
                },
                {
                    "reference_url": "https://access.redhat.com/errata/RHSA-2021:2264",
                    "reference_id": "RHSA-2021:2264",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://access.redhat.com/errata/RHSA-2021:2264"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/4978-1/",
                    "reference_id": "USN-4978-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/4978-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/4995-1/",
                    "reference_id": "USN-4995-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/4995-1/"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/4995-2/",
                    "reference_id": "USN-4995-2",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/4995-2/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/532385?format=api",
                    "purl": "pkg:apk/alpine/firefox@89.0-r0?arch=x86_64&distroversion=v3.18&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@89.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2021-29967"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dedv-96fb-vyhp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63230?format=api",
            "vulnerability_id": "VCID-s9ss-vz54-j3ha",
            "summary": "Address bar search suggestions in private browsing mode were re-using session data from normal mode.\n*This bug only affects Firefox for Android. Other operating systems are unaffected.*",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29963",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34639",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.3448",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34615",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34652",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34698",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34724",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34602",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34645",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34674",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34678",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00143",
                            "scoring_system": "epss",
                            "scoring_elements": "0.34638",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29963"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2019",
                    "reference_id": "AVG-2019",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2019"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23",
                    "reference_id": "mfsa2021-23",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/532385?format=api",
                    "purl": "pkg:apk/alpine/firefox@89.0-r0?arch=x86_64&distroversion=v3.18&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@89.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2021-29963"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ss-vz54-j3ha"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63231?format=api",
            "vulnerability_id": "VCID-sbyn-4c25-h7gz",
            "summary": "Firefox for Android would become unstable and hard-to-recover when a website opened too many popups.\n*This bug only affects Firefox for Android. Other operating systems are unaffected.*",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29962",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.60673",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.605",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.60625",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.60667",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.60574",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.60602",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.60571",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6062",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.60636",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.6066",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00399",
                            "scoring_system": "epss",
                            "scoring_elements": "0.60645",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29962"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2019",
                    "reference_id": "AVG-2019",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2019"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23",
                    "reference_id": "mfsa2021-23",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/532385?format=api",
                    "purl": "pkg:apk/alpine/firefox@89.0-r0?arch=x86_64&distroversion=v3.18&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@89.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2021-29962"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbyn-4c25-h7gz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49748?format=api",
            "vulnerability_id": "VCID-vysb-zn1g-tuf5",
            "summary": "Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which could result in the arbitrary execution of code.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29966",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64501",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64372",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64455",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64489",
                            "published_at": "2026-04-16T12:55:00Z"
                        },
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64426",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64456",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64415",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64464",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64479",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64495",
                            "published_at": "2026-04-11T12:55:00Z"
                        },
                        {
                            "value": "0.00467",
                            "scoring_system": "epss",
                            "scoring_elements": "0.64483",
                            "published_at": "2026-04-12T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29966"
                },
                {
                    "reference_url": "https://security.archlinux.org/ASA-202106-3",
                    "reference_id": "ASA-202106-3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.archlinux.org/ASA-202106-3"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2018",
                    "reference_id": "AVG-2018",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2018"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/202107-09",
                    "reference_id": "GLSA-202107-09",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/202107-09"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23",
                    "reference_id": "mfsa2021-23",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/4978-1/",
                    "reference_id": "USN-4978-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/4978-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/532385?format=api",
                    "purl": "pkg:apk/alpine/firefox@89.0-r0?arch=x86_64&distroversion=v3.18&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@89.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2021-29966"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vysb-zn1g-tuf5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49745?format=api",
            "vulnerability_id": "VCID-y2pv-1tm3-nqak",
            "summary": "Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which could result in the arbitrary execution of code.",
            "references": [
                {
                    "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29959",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54757",
                            "published_at": "2026-04-18T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54631",
                            "published_at": "2026-04-01T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54738",
                            "published_at": "2026-04-12T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54716",
                            "published_at": "2026-04-13T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54701",
                            "published_at": "2026-04-02T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54724",
                            "published_at": "2026-04-04T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54694",
                            "published_at": "2026-04-07T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54746",
                            "published_at": "2026-04-08T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54742",
                            "published_at": "2026-04-09T12:55:00Z"
                        },
                        {
                            "value": "0.00316",
                            "scoring_system": "epss",
                            "scoring_elements": "0.54754",
                            "published_at": "2026-04-16T12:55:00Z"
                        }
                    ],
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29959"
                },
                {
                    "reference_url": "https://security.archlinux.org/ASA-202106-3",
                    "reference_id": "ASA-202106-3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.archlinux.org/ASA-202106-3"
                },
                {
                    "reference_url": "https://security.archlinux.org/AVG-2018",
                    "reference_id": "AVG-2018",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "High",
                            "scoring_system": "archlinux",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://security.archlinux.org/AVG-2018"
                },
                {
                    "reference_url": "https://security.gentoo.org/glsa/202107-09",
                    "reference_id": "GLSA-202107-09",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://security.gentoo.org/glsa/202107-09"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23",
                    "reference_id": "mfsa2021-23",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-23"
                },
                {
                    "reference_url": "https://usn.ubuntu.com/4978-1/",
                    "reference_id": "USN-4978-1",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://usn.ubuntu.com/4978-1/"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/532385?format=api",
                    "purl": "pkg:apk/alpine/firefox@89.0-r0?arch=x86_64&distroversion=v3.18&reponame=community",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@89.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"
                }
            ],
            "aliases": [
                "CVE-2021-29959"
            ],
            "risk_score": 4.0,
            "exploitability": "0.5",
            "weighted_severity": "8.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2pv-1tm3-nqak"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@89.0-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"
}

Package Instance