Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/60320?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/60320?format=api", "purl": "pkg:npm/ghost@4.39.1", "type": "npm", "namespace": "", "name": "ghost", "version": "4.39.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.42.1", "latest_non_vulnerable_version": "6.19.3", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15505?format=api", "vulnerability_id": "VCID-bjxb-y6ff-kuac", "summary": "Unrestricted Upload of File with Dangerous Type\nAn arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file.", "references": [ { "reference_url": "http://ghost.org/docs/security/#privilege-escalation-attacks", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ghost.org/docs/security/#privilege-escalation-attacks" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27139", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06063", "scoring_system": "epss", "scoring_elements": "0.90883", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27139" }, { "reference_url": "https://youtu.be/FCqWEvir2wE", "reference_id": "", "reference_type": "", "scores": [], "url": "https://youtu.be/FCqWEvir2wE" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27139", "reference_id": "CVE-2022-27139", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27139" }, { "reference_url": "https://github.com/advisories/GHSA-fvc6-qjp7-m4g4", "reference_id": "GHSA-fvc6-qjp7-m4g4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fvc6-qjp7-m4g4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60320?format=api", "purl": "pkg:npm/ghost@4.39.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/ghost@4.39.1" } ], "aliases": [ "CVE-2022-27139", "GHSA-fvc6-qjp7-m4g4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjxb-y6ff-kuac" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/ghost@4.39.1" }