Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62312?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62312?format=api", "purl": "pkg:pypi/nova@14.0.0", "type": "pypi", "namespace": "", "name": "nova", "version": "14.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "14.0.5", "latest_non_vulnerable_version": "2015.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43462?format=api", "vulnerability_id": "VCID-svtk-epku-sqe1", "summary": "OpenStack Nova Filter Scheduler Bypass\nIn OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0241", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0314", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0369", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0369" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16239.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16239", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.6007", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16239" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/698b261a5a2a6c0f31ef5059046ef7196d5cba30" }, { "reference_url": "https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/984dd8ad6add4523d93c7ce5a666a32233e02e34" }, { "reference_url": "https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/9e2d63da94db63d97bd02e373bfc53d95808b833" }, { "reference_url": "https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/b72105c1c49fcddc94992af63fc2f8078023491a" }, { "reference_url": "https://launchpad.net/bugs/1664931", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1664931" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2017-005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2017-005.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4056", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2017/dsa-4056" }, { "reference_url": "http://www.securityfocus.com/bid/101950", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/101950" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508539", "reference_id": "1508539", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1508539" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009", "reference_id": "882009", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16239", "reference_id": "CVE-2017-16239", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16239" }, { "reference_url": "https://github.com/advisories/GHSA-w2wf-cgwh-vpqg", "reference_id": "GHSA-w2wf-cgwh-vpqg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w2wf-cgwh-vpqg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62315?format=api", "purl": "pkg:pypi/nova@14.0.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@14.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62314?format=api", "purl": "pkg:pypi/nova@15.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@15.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62313?format=api", "purl": "pkg:pypi/nova@16.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@16.0.3" } ], "aliases": [ "CVE-2017-16239", "GHSA-w2wf-cgwh-vpqg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svtk-epku-sqe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44000?format=api", "vulnerability_id": "VCID-wn3h-y5yh-bbb3", "summary": "OpenStack Nova logs sensitive context from notification exceptions\nAn issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1508", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1595", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1595" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7214.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01297", "scoring_system": "epss", "scoring_elements": "0.80043", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7214" }, { "reference_url": "https://github.com/openstack/nova", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova" }, { "reference_url": "https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a" }, { "reference_url": "https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c" }, { "reference_url": "https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a" }, { "reference_url": "https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598" }, { "reference_url": "https://launchpad.net/bugs/1673569", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1673569" }, { "reference_url": "http://www.securityfocus.com/bid/96998", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/96998" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434844", "reference_id": "1434844", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434844" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568", "reference_id": "858568", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858568" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7214", "reference_id": "CVE-2017-7214", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7214" }, { "reference_url": "https://github.com/advisories/GHSA-f4g4-cj8f-3cr9", "reference_id": "GHSA-f4g4-cj8f-3cr9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f4g4-cj8f-3cr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63256?format=api", "purl": "pkg:pypi/nova@14.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@14.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/63257?format=api", "purl": "pkg:pypi/nova@15.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@15.0.2" } ], "aliases": [ "CVE-2017-7214", "GHSA-f4g4-cj8f-3cr9" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wn3h-y5yh-bbb3" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nova@14.0.0" }