Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/548470?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/548470?format=api", "purl": "pkg:composer/tastyigniter/tastyigniter@3.1.0-rc.1", "type": "composer", "namespace": "tastyigniter", "name": "tastyigniter", "version": "3.1.0-rc.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.0.0", "latest_non_vulnerable_version": "4.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208696?format=api", "vulnerability_id": "VCID-a8zm-bndw-r3hd", "summary": "Cross-site Scripting in TastyIgniter", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43782", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43626", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0602" }, { "reference_url": "https://github.com/tastyigniter/tastyigniter/commit/992d4ce6444805c3132e3635a01b6fd222063554", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tastyigniter/tastyigniter/commit/992d4ce6444805c3132e3635a01b6fd222063554" }, { "reference_url": "https://huntr.dev/bounties/615f1788-d474-4580-b0ef-5edd50274010", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/615f1788-d474-4580-b0ef-5edd50274010" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0602", "reference_id": "CVE-2022-0602", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0602" }, { "reference_url": "https://github.com/advisories/GHSA-cjw5-f2x5-r4q5", "reference_id": "GHSA-cjw5-f2x5-r4q5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjw5-f2x5-r4q5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20022?format=api", "purl": "pkg:composer/tastyigniter/tastyigniter@3.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q67j-bj4z-f3hm" }, { "vulnerability": "VCID-tqrk-yteb-j3f1" }, { "vulnerability": "VCID-vm6f-6j76-9yby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tastyigniter/tastyigniter@3.3.0" } ], "aliases": [ "CVE-2022-0602", "GHSA-cjw5-f2x5-r4q5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8zm-bndw-r3hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36121?format=api", "vulnerability_id": "VCID-q67j-bj4z-f3hm", "summary": "TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-44314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2685", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.27051", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-44314" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44314", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44314" }, { "reference_url": "https://medium.com/@cnetsec/cve-2024-44314-incorrect-access-control-in-function-updateorder-fc5f2b1b0467", "reference_id": "cve-2024-44314-incorrect-access-control-in-function-updateorder-fc5f2b1b0467", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T15:00:11Z/" } ], "url": "https://medium.com/@cnetsec/cve-2024-44314-incorrect-access-control-in-function-updateorder-fc5f2b1b0467" }, { "reference_url": "https://github.com/advisories/GHSA-w5h7-mw56-4v7x", "reference_id": "GHSA-w5h7-mw56-4v7x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w5h7-mw56-4v7x" }, { "reference_url": "https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php", "reference_id": "Orders.php", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T15:00:11Z/" } ], "url": "https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377964?format=api", "purl": "pkg:composer/tastyigniter/tastyigniter@4.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tastyigniter/tastyigniter@4.0.0" } ], "aliases": [ "CVE-2024-44314", "GHSA-w5h7-mw56-4v7x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q67j-bj4z-f3hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35892?format=api", "vulnerability_id": "VCID-tqrk-yteb-j3f1", "summary": "TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-44313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0124", "scoring_system": "epss", "scoring_elements": "0.79658", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0124", "scoring_system": "epss", "scoring_elements": "0.79724", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-44313" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44313", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44313" }, { "reference_url": "https://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74", "reference_id": "cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-25T18:16:13Z/" } ], "url": "https://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74" }, { "reference_url": "https://github.com/advisories/GHSA-gg2f-r4jh-vpmh", "reference_id": "GHSA-gg2f-r4jh-vpmh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gg2f-r4jh-vpmh" }, { "reference_url": "https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php", "reference_id": "Orders.php", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-25T18:16:13Z/" } ], "url": "https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377964?format=api", "purl": "pkg:composer/tastyigniter/tastyigniter@4.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tastyigniter/tastyigniter@4.0.0" } ], "aliases": [ "CVE-2024-44313", "GHSA-gg2f-r4jh-vpmh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqrk-yteb-j3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/127954?format=api", "vulnerability_id": "VCID-vm6f-6j76-9yby", "summary": "Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25713", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25513", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-61417" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61417", "reference_id": "CVE-2025-61417", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61417" }, { "reference_url": "https://github.com/advisories/GHSA-4vrf-42cm-7xfw", "reference_id": "GHSA-4vrf-42cm-7xfw", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4vrf-42cm-7xfw" }, { "reference_url": "https://github.com/mg7-x/CVEs/blob/main/CVE-2025-61417/README.md", "reference_id": "README.md", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-20T15:36:18Z/" } ], "url": "https://github.com/mg7-x/CVEs/blob/main/CVE-2025-61417/README.md" }, { "reference_url": "https://github.com/tastyigniter/TastyIgniter", "reference_id": "TastyIgniter", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "1.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-10-20T15:36:18Z/" } ], "url": "https://github.com/tastyigniter/TastyIgniter" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/787823?format=api", "purl": "pkg:composer/tastyigniter/tastyigniter@4.0.0-beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q67j-bj4z-f3hm" }, { "vulnerability": "VCID-tqrk-yteb-j3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tastyigniter/tastyigniter@4.0.0-beta.1" } ], "aliases": [ "CVE-2025-61417", "GHSA-4vrf-42cm-7xfw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vm6f-6j76-9yby" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tastyigniter/tastyigniter@3.1.0-rc.1" }