Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/53565?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/53565?format=api", "purl": "pkg:composer/squizlabs/php_codesniffer@3.0.1", "type": "composer", "namespace": "squizlabs", "name": "php_codesniffer", "version": "3.0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38611?format=api", "vulnerability_id": "VCID-5sk2-ygqs-pbgh", "summary": "Shell command injection\nA properly crafted filename would allow for arbitrary code execution when using the `--filter=gitmodified` command line option", "references": [ { "reference_url": "https://github.com/squizlabs/PHP_CodeSniffer/commit/7ce7bb942f5667724e81a3ea99e805a30be6c05b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/squizlabs/PHP_CodeSniffer/commit/7ce7bb942f5667724e81a3ea99e805a30be6c05b" }, { "reference_url": "https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53565?format=api", "purl": "pkg:composer/squizlabs/php_codesniffer@3.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@3.0.1" } ], "aliases": [ "GMS-2017-132" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5sk2-ygqs-pbgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42790?format=api", "vulnerability_id": "VCID-f2su-dgp1-yyas", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA properly crafted filename would allow for arbitrary code execution when using the `--filter=gitmodified` command line option.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-05-18.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-05-18.yaml" }, { "reference_url": "https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1" }, { "reference_url": "https://github.com/advisories/GHSA-3988-h75v-hwf6", "reference_id": "GHSA-3988-h75v-hwf6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3988-h75v-hwf6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53565?format=api", "purl": "pkg:composer/squizlabs/php_codesniffer@3.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@3.0.1" } ], "aliases": [ "GHSA-3988-h75v-hwf6", "GMS-2022-513" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2su-dgp1-yyas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38619?format=api", "vulnerability_id": "VCID-hjjc-1dse-jqfm", "summary": "Code Injection\nArbitrary shell execution in php_codesniffer.", "references": [ { "reference_url": "https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53565?format=api", "purl": "pkg:composer/squizlabs/php_codesniffer@3.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@3.0.1" } ], "aliases": [ "GMS-2017-345" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjjc-1dse-jqfm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@3.0.1" }