Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/5429?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/5429?format=api", "purl": "pkg:deb/debian/lxml@3.7.1-1", "type": "deb", "namespace": "debian", "name": "lxml", "version": "3.7.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.3.2-1+deb10u4", "latest_non_vulnerable_version": "4.3.2-1+deb10u4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6959?format=api", "vulnerability_id": "VCID-47q5-tf6f-3kas", "summary": "cross-site scripting", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818" }, { "reference_url": "https://github.com/lxml/lxml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/lxml/lxml" }, { "reference_url": "https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a" }, { "reference_url": "https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776" }, { "reference_url": "https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0" }, { "reference_url": "https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-852.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2021-852.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44" }, { "reference_url": "https://security.gentoo.org/glsa/202208-06", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-06" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220107-0005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220107-0005" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2022/dsa-5043" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://security.archlinux.org/AVG-2629", "reference_id": "AVG-2629", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2629" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43818", "reference_id": "CVE-2021-43818", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43818" }, { "reference_url": "https://github.com/advisories/GHSA-55x5-fj6c-h6m8", "reference_id": "GHSA-55x5-fj6c-h6m8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-55x5-fj6c-h6m8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5430?format=api", "purl": "pkg:deb/debian/lxml@4.3.2-1%2Bdeb10u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxml@4.3.2-1%252Bdeb10u4" } ], "aliases": [ "CVE-2021-43818", "GHSA-55x5-fj6c-h6m8", "PYSEC-2021-852" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47q5-tf6f-3kas" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/lxml@3.7.1-1" }