VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/61465?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/61465?format=api",
    "purl": "pkg:maven/org.owasp.antisamy/antisamy@1.6.7",
    "type": "maven",
    "namespace": "org.owasp.antisamy",
    "name": "antisamy",
    "version": "1.6.7",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "1.7.5",
    "latest_non_vulnerable_version": "1.7.5",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42952?format=api",
            "vulnerability_id": "VCID-x4jc-245z-vqac",
            "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nOWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.",
            "references": [
                {
                    "reference_url": "https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0"
                },
                {
                    "reference_url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/nahsra/antisamy/releases/tag/v1.6.7"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29577",
                    "reference_id": "CVE-2022-29577",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29577"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-vp37-2f9p-3vr3",
                    "reference_id": "GHSA-vp37-2f9p-3vr3",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-vp37-2f9p-3vr3"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/61465?format=api",
                    "purl": "pkg:maven/org.owasp.antisamy/antisamy@1.6.7",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.owasp.antisamy/antisamy@1.6.7"
                }
            ],
            "aliases": [
                "CVE-2022-29577",
                "GHSA-vp37-2f9p-3vr3"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4jc-245z-vqac"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.owasp.antisamy/antisamy@1.6.7"
}

Package Instance