Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/54176?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/54176?format=api", "purl": "pkg:composer/drupal/core@8.5.0-alpha0", "type": "composer", "namespace": "drupal", "name": "core", "version": "8.5.0-alpha0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.5.11", "latest_non_vulnerable_version": "11.2.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12226?format=api", "vulnerability_id": "VCID-51ze-a1zm-ukey", "summary": "XSS Vulnerability\nCKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin.", "references": [ { "reference_url": "https://www.drupal.org/sa-core-2018-003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.drupal.org/sa-core-2018-003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54178?format=api", "purl": "pkg:composer/drupal/core@8.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-163u-tpj9-skc5" }, { "vulnerability": "VCID-1jfe-j1fz-juec" }, { "vulnerability": "VCID-1xsh-7f63-v3df" }, { "vulnerability": "VCID-49e1-axzk-3bdq" }, { "vulnerability": "VCID-4p5n-ujzt-qfdx" }, { "vulnerability": "VCID-5821-1xss-8fdu" }, { "vulnerability": "VCID-5qvn-f9d3-kygg" }, { "vulnerability": "VCID-5txj-xsnq-ducf" }, { "vulnerability": "VCID-757r-nv73-gfhg" }, { "vulnerability": "VCID-795n-caf2-fbcq" }, { "vulnerability": "VCID-7qhc-n6hc-ukbu" }, { "vulnerability": "VCID-b2x6-54c3-jqa2" }, { "vulnerability": "VCID-e8mp-5awh-eybz" }, { "vulnerability": "VCID-f687-ubdn-37en" }, { "vulnerability": "VCID-h6c2-e5qv-myg8" }, { "vulnerability": "VCID-h93x-dbpr-q7cz" }, { "vulnerability": "VCID-j2g3-u36y-nqdv" }, { "vulnerability": "VCID-j545-f44v-w3cn" }, { "vulnerability": "VCID-j59x-5swn-fuga" }, { "vulnerability": "VCID-jgec-wuca-bbf1" }, { "vulnerability": "VCID-n6tq-72g7-afdg" }, { "vulnerability": "VCID-nfzm-eyht-kkb1" }, { "vulnerability": "VCID-ngmk-qxmz-gkdz" }, { "vulnerability": "VCID-phkw-q4nd-m7hh" }, { "vulnerability": "VCID-pyjy-13mt-cyck" }, { "vulnerability": "VCID-re2h-u5bk-wqbw" }, { "vulnerability": "VCID-s6ek-bjnx-9fc1" }, { "vulnerability": "VCID-swh1-rvuw-jqfx" }, { "vulnerability": "VCID-vby4-6r8z-6qgy" }, { "vulnerability": "VCID-yy7m-f66v-fbhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.2" } ], "aliases": [ "SA-CORE-2018-003" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-51ze-a1zm-ukey" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.5.0-alpha0" }