Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/56869?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/56869?format=api", "purl": "pkg:maven/io.swagger/swagger-parser@1.0.31", "type": "maven", "namespace": "io.swagger", "name": "swagger-parser", "version": "1.0.31", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.0.31", "latest_non_vulnerable_version": "1.0.31", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39164?format=api", "vulnerability_id": "VCID-3a63-nqfg-37bj", "summary": "Deserialization of Untrusted Data\nA vulnerability in this package can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-parser/releases/tag/v1.0.31", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/swagger-api/swagger-parser/releases/tag/v1.0.31" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000208", "reference_id": "CVE-2017-1000208", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000208" }, { "reference_url": "https://github.com/advisories/GHSA-q7pf-qr96-2vq5", "reference_id": "GHSA-q7pf-qr96-2vq5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q7pf-qr96-2vq5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56869?format=api", "purl": "pkg:maven/io.swagger/swagger-parser@1.0.31", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.swagger/swagger-parser@1.0.31" } ], "aliases": [ "CVE-2017-1000208", "GHSA-q7pf-qr96-2vq5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3a63-nqfg-37bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39184?format=api", "vulnerability_id": "VCID-rz6y-9cgd-ska5", "summary": "Deserialization of Untrusted Data\nA vulnerability in this package can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.", "references": [ { "reference_url": "https://github.com/swagger-api/swagger-parser/pull/481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/swagger-api/swagger-parser/pull/481" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000207", "reference_id": "CVE-2017-1000207", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000207" }, { "reference_url": "https://github.com/advisories/GHSA-vgvf-9jh3-fg75", "reference_id": "GHSA-vgvf-9jh3-fg75", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vgvf-9jh3-fg75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56869?format=api", "purl": "pkg:maven/io.swagger/swagger-parser@1.0.31", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.swagger/swagger-parser@1.0.31" } ], "aliases": [ "CVE-2017-1000207", "GHSA-vgvf-9jh3-fg75" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rz6y-9cgd-ska5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.swagger/swagger-parser@1.0.31" }