Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/65678?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/65678?format=api", "purl": "pkg:npm/semver@7.5.2", "type": "npm", "namespace": "", "name": "semver", "version": "7.5.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45463?format=api", "vulnerability_id": "VCID-hu38-keee-9uaz", "summary": "semver vulnerable to Regular Expression Denial of Service\nVersions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.", "references": [ { "reference_url": "https://github.com/npm/node-semver", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver" }, { "reference_url": "https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104" }, { "reference_url": "https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/blob/main/classes/range.js#L97-L104" }, { "reference_url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L138", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L138" }, { "reference_url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L160" }, { "reference_url": "https://github.com/npm/node-semver/blob/main/internal/re.js#L138", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/blob/main/internal/re.js#L138" }, { "reference_url": "https://github.com/npm/node-semver/blob/main/internal/re.js#L160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/blob/main/internal/re.js#L160" }, { "reference_url": "https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/commit/2f8fd41487acf380194579ecb6f8b1bbfe116be0" }, { "reference_url": "https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441" }, { "reference_url": "https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/commit/928e56d21150da0413a3333a3148b20e741a920c" }, { "reference_url": "https://github.com/npm/node-semver/pull/564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/pull/564" }, { "reference_url": "https://github.com/npm/node-semver/pull/585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/pull/585" }, { "reference_url": "https://github.com/npm/node-semver/pull/593", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/npm/node-semver/pull/593" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241025-0004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20241025-0004" }, { "reference_url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883", "reference_id": "CVE-2022-25883", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883" }, { "reference_url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw", "reference_id": "GHSA-c2qf-rxjj-qqgw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65680?format=api", "purl": "pkg:npm/semver@5.7.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/semver@5.7.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/65679?format=api", "purl": "pkg:npm/semver@6.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/semver@6.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/65678?format=api", "purl": "pkg:npm/semver@7.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/semver@7.5.2" } ], "aliases": [ "CVE-2022-25883", "GHSA-c2qf-rxjj-qqgw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hu38-keee-9uaz" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/semver@7.5.2" }