Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63083?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63083?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.15.1", "type": "composer", "namespace": "mantisbt", "name": "mantisbt", "version": "2.15.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.25.0", "latest_non_vulnerable_version": "2.28.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112383?format=api", "vulnerability_id": "VCID-jqsn-z754-57ek", "summary": "MantisBT unauthorized users able to access private files\nAn issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.", "references": [ { "reference_url": "http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/mantisbt/mantisbt/commit/5595c90f11c48164331a20bb9c66098980516e93" }, { "reference_url": "http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/mantisbt/mantisbt/commit/9de20c09e5a557e57159a61657ce62f1a4f578fe" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49442", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49381", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25781" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=27039", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=27039" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25781", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25781" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150408?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8hsn-cvrk-1uh5" }, { "vulnerability": "VCID-w3u1-um27-1uay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.24.3" } ], "aliases": [ "CVE-2020-25781", "GHSA-xjmx-cprh-646r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqsn-z754-57ek" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43899?format=api", "vulnerability_id": "VCID-dy4y-w8g5-9udt", "summary": "MantisBT allows XSS on the Edit Filter page via crafted filter name\nAn issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar\" onclick=\"alert(1)').", "references": [ { "reference_url": "http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65559", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00482", "scoring_system": "epss", "scoring_elements": "0.65507", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14504" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/602", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/602" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=24608", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=24608" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14504", "reference_id": "CVE-2018-14504", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14504" }, { "reference_url": "https://github.com/advisories/GHSA-74gh-5j33-vg4w", "reference_id": "GHSA-74gh-5j33-vg4w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-74gh-5j33-vg4w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63083?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jqsn-z754-57ek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.15.1" } ], "aliases": [ "CVE-2018-14504", "GHSA-74gh-5j33-vg4w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dy4y-w8g5-9udt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44042?format=api", "vulnerability_id": "VCID-x9k5-hczy-u3cd", "summary": "MantisBT allows XSS via View Filters page\nA cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.", "references": [ { "reference_url": "http://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57725", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57674", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13055" }, { "reference_url": "https://github.com/mantisbt/mantisbt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mantisbt/mantisbt" }, { "reference_url": "https://mantisbt.org/blog/archives/mantisbt/602", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/blog/archives/mantisbt/602" }, { "reference_url": "https://mantisbt.org/bugs/view.php?id=24580", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mantisbt.org/bugs/view.php?id=24580" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13055", "reference_id": "CVE-2018-13055", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13055" }, { "reference_url": "https://github.com/advisories/GHSA-mjp7-97w4-jwhc", "reference_id": "GHSA-mjp7-97w4-jwhc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mjp7-97w4-jwhc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63083?format=api", "purl": "pkg:composer/mantisbt/mantisbt@2.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jqsn-z754-57ek" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.15.1" } ], "aliases": [ "CVE-2018-13055", "GHSA-mjp7-97w4-jwhc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9k5-hczy-u3cd" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mantisbt/mantisbt@2.15.1" }