Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/640874?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/640874?format=api", "purl": "pkg:deb/debian/librsvg@2.44.10-2.1%2Bdeb10u3", "type": "deb", "namespace": "debian", "name": "librsvg", "version": "2.44.10-2.1+deb10u3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.50.3+dfsg-1+deb11u1", "latest_non_vulnerable_version": "2.50.3+dfsg-1+deb11u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77088?format=api", "vulnerability_id": "VCID-h9d3-z4h6-7fh8", "summary": "A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=\".?../../../../../../../../../../etc/passwd\" in an xi:include element.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38633.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38633.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43614", "scoring_system": "epss", "scoring_elements": "0.97591", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38633" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041810", "reference_id": "1041810", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041810" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224945", "reference_id": "2224945", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224945" }, { "reference_url": "https://security.gentoo.org/glsa/202408-14", "reference_id": "GLSA-202408-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4809", "reference_id": "RHSA-2023:4809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4809" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5081", "reference_id": "RHSA-2023:5081", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5081" }, { "reference_url": "https://usn.ubuntu.com/6266-1/", "reference_id": "USN-6266-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6266-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/640875?format=api", "purl": "pkg:deb/debian/librsvg@2.50.3%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/librsvg@2.50.3%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2023-38633" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9d3-z4h6-7fh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77087?format=api", "vulnerability_id": "VCID-n5w7-52b2-zffj", "summary": "In xml.rs in GNOME librsvg 
before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20446.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20446.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0133", "scoring_system": "epss", "scoring_elements": "0.80282", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0133", "scoring_system": "epss", "scoring_elements": "0.80307", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20446" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797608", "reference_id": "1797608", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797608" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4709", "reference_id": "RHSA-2020:4709", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2020:4709" }, { "reference_url": "https://usn.ubuntu.com/4436-1/", "reference_id": "USN-4436-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4436-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/640875?format=api", "purl": "pkg:deb/debian/librsvg@2.50.3%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/librsvg@2.50.3%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2019-20446" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5w7-52b2-zffj" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/librsvg@2.44.10-2.1%252Bdeb10u3" }