Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/622463?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/622463?format=api", "purl": "pkg:npm/sweetalert2@11.3.0", "type": "npm", "namespace": "", "name": "sweetalert2", "version": "11.3.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "11.22.4", "latest_non_vulnerable_version": "11.22.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110250?format=api", "vulnerability_id": "VCID-2m95-znw7-z3dp", "summary": "sweetalert2 v10.16.10 and above contains hidden functionality\n`sweetalert2` versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9.\n\n### Workaround\nUse a version 10.0.0 - 10.16.9 of the package until the maintainer releases a fix.", "references": [ { "reference_url": "https://github.com/sweetalert2/sweetalert2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sweetalert2/sweetalert2" }, { "reference_url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9" }, { "reference_url": "https://www.npmjs.com/package/sweetalert2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/package/sweetalert2" }, { "reference_url": "https://github.com/advisories/GHSA-457r-cqc8-9vj9", "reference_id": "GHSA-457r-cqc8-9vj9", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-457r-cqc8-9vj9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65959?format=api", "purl": "pkg:npm/sweetalert2@11.22.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.22.4" } ], "aliases": [ "GHSA-457r-cqc8-9vj9", "GMS-2022-7150" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2m95-znw7-z3dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110165?format=api", "vulnerability_id": "VCID-e11n-n7xy-afg7", "summary": "sweetalert2 v9.17.4 and above contains hidden functionality\n`sweetalert2` versions 9.17.4 and up until 10.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 9.0.0 - 9.17.3.\n\n### Workaround\nUsers who are unable to update to the fixed version (11.22.4) can use package versions 9.0.0-9.17.3, as they do not contain the hidden functionality.", "references": [ { "reference_url": "https://github.com/sweetalert2/sweetalert2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sweetalert2/sweetalert2" }, { "reference_url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9" }, { "reference_url": "https://www.npmjs.com/package/sweetalert2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/package/sweetalert2" }, { "reference_url": "https://github.com/advisories/GHSA-pg98-6v7f-2xfv", "reference_id": "GHSA-pg98-6v7f-2xfv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pg98-6v7f-2xfv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65959?format=api", "purl": "pkg:npm/sweetalert2@11.22.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.22.4" } ], "aliases": [ "GHSA-pg98-6v7f-2xfv", "GMS-2022-7152" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e11n-n7xy-afg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110226?format=api", "vulnerability_id": "VCID-vreg-t4ry-effe", "summary": "sweetalert2 v8.19.1 and above contains hidden functionality\n`sweetalert2` versions 8.19.1 and up until 9.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions below 8.19.1.\n\n### Workaround\nUsers who are unable to update to the fixed version (11.22.4) can use package versions 8.19.0 and below, as they do not contain the hidden functionality.", "references": [ { "reference_url": "https://github.com/sweetalert2/sweetalert2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sweetalert2/sweetalert2" }, { "reference_url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.22.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.22.4" }, { "reference_url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sweetalert2/sweetalert2/releases/tag/v11.4.9" }, { "reference_url": "https://www.npmjs.com/package/sweetalert2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.npmjs.com/package/sweetalert2" }, { "reference_url": "https://github.com/advisories/GHSA-8jh9-wqpf-q52c", "reference_id": "GHSA-8jh9-wqpf-q52c", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jh9-wqpf-q52c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65959?format=api", "purl": "pkg:npm/sweetalert2@11.22.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.22.4" } ], "aliases": [ "GHSA-8jh9-wqpf-q52c", "GMS-2022-7151" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vreg-t4ry-effe" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/sweetalert2@11.3.0" }