Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/61745?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/61745?format=api", "purl": "pkg:maven/org.jvnet.hudson.plugins/perforce@1.3.36", "type": "maven", "namespace": "org.jvnet.hudson.plugins", "name": "perforce", "version": "1.3.36", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12263?format=api", "vulnerability_id": "VCID-tf2r-c17z-cqh7", "summary": "Information Exposure\nAn exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26544", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000145" }, { "reference_url": "https://github.com/jenkinsci/perforce-plugin", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jenkinsci/perforce-plugin" }, { "reference_url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000145", "reference_id": "CVE-2018-1000145", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000145" }, { "reference_url": "https://github.com/advisories/GHSA-cwxx-gwwj-pqjq", "reference_id": "GHSA-cwxx-gwwj-pqjq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cwxx-gwwj-pqjq" } ], "fixed_packages": [], "aliases": [ "CVE-2018-1000145", "GHSA-cwxx-gwwj-pqjq" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tf2r-c17z-cqh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16412?format=api", "vulnerability_id": "VCID-usa5-a7x7-7yej", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nAn exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52982", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000147" }, { "reference_url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000147", "reference_id": "CVE-2018-1000147", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000147" }, { "reference_url": "https://github.com/advisories/GHSA-jrhw-r343-pjwj", "reference_id": "GHSA-jrhw-r343-pjwj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jrhw-r343-pjwj" } ], "fixed_packages": [], "aliases": [ "CVE-2018-1000147", "GHSA-jrhw-r343-pjwj" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usa5-a7x7-7yej" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jvnet.hudson.plugins/perforce@1.3.36" }