Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/549236?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/549236?format=api", "purl": "pkg:apk/alpine/expat@2.4.9-r0?arch=aarch64&distroversion=v3.14&reponame=main", "type": "apk", "namespace": "alpine", "name": "expat", "version": "2.4.9-r0", "qualifiers": { "arch": "aarch64", "distroversion": "v3.14", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.5.0-r0", "latest_non_vulnerable_version": "2.5.0-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31417?format=api", "vulnerability_id": "VCID-pba8-g9ts-43bw", "summary": "Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77949", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77888", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77861", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77951", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77913", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.7793", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77903", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77898", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.77871", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019761", "reference_id": "1019761", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019761" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130769", "reference_id": "2130769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130769" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/629", "reference_id": "629", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/629" }, { "reference_url": "https://github.com/libexpat/libexpat/pull/640", "reference_id": "640", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://github.com/libexpat/libexpat/pull/640" }, { "reference_url": "https://security.archlinux.org/AVG-2815", "reference_id": "AVG-2815", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2815" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5236", "reference_id": "dsa-5236", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5236" }, { "reference_url": "https://security.gentoo.org/glsa/202209-24", "reference_id": "GLSA-202209-24", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://security.gentoo.org/glsa/202209-24" }, { "reference_url": "https://security.gentoo.org/glsa/202211-06", "reference_id": "GLSA-202211-06", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://security.gentoo.org/glsa/202211-06" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/", "reference_id": "GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/", "reference_id": "J2IGJNHFV53PYST7VQV3T4NHVYAMXA36", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/", "reference_id": "LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-47", "reference_id": "mfsa2022-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-47" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221028-0008/", "reference_id": "ntap-20221028-0008", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221028-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6831", "reference_id": "RHSA-2022:6831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6831" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6832", "reference_id": "RHSA-2022:6832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6833", "reference_id": "RHSA-2022:6833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6834", "reference_id": "RHSA-2022:6834", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6834" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6838", "reference_id": "RHSA-2022:6838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6878", "reference_id": "RHSA-2022:6878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6921", "reference_id": "RHSA-2022:6921", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6967", "reference_id": "RHSA-2022:6967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6995", "reference_id": "RHSA-2022:6995", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6995" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6996", "reference_id": "RHSA-2022:6996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6997", "reference_id": "RHSA-2022:6997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6998", "reference_id": "RHSA-2022:6998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7019", "reference_id": "RHSA-2022:7019", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7020", "reference_id": "RHSA-2022:7020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7021", "reference_id": "RHSA-2022:7021", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7022", "reference_id": "RHSA-2022:7022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7023", "reference_id": "RHSA-2022:7023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7024", "reference_id": "RHSA-2022:7024", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7025", "reference_id": "RHSA-2022:7025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7026", "reference_id": "RHSA-2022:7026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8598", "reference_id": "RHSA-2022:8598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3068", "reference_id": "RHSA-2023:3068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3068" }, { "reference_url": "https://usn.ubuntu.com/5638-1/", "reference_id": "USN-5638-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-1/" }, { "reference_url": "https://usn.ubuntu.com/5638-2/", "reference_id": "USN-5638-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-2/" }, { "reference_url": "https://usn.ubuntu.com/5638-4/", "reference_id": "USN-5638-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5638-4/" }, { "reference_url": "https://usn.ubuntu.com/5726-1/", "reference_id": "USN-5726-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5726-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/", "reference_id": "WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/", "reference_id": "XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-30T19:17:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/549236?format=api", "purl": "pkg:apk/alpine/expat@2.4.9-r0?arch=aarch64&distroversion=v3.14&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.4.9-r0%3Farch=aarch64&distroversion=v3.14&reponame=main" } ], "aliases": [ "CVE-2022-40674" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pba8-g9ts-43bw" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/expat@2.4.9-r0%3Farch=aarch64&distroversion=v3.14&reponame=main" }