Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/66631?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/66631?format=api", "purl": "pkg:gem/activesupport@7.0.7.1", "type": "gem", "namespace": "", "name": "activesupport", "version": "7.0.7.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45905?format=api", "vulnerability_id": "VCID-usar-ms97-kbep", "summary": "Active Support Possibly Discloses Locally Encrypted Files\nThere is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037.\n\nVersions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5", "references": [ { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.7.1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/releases/tag/v7.0.7.1" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250214-0010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20250214-0010" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38037", "reference_id": "CVE-2023-38037", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38037" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml", "reference_id": "CVE-2023-38037.YML", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml" }, { "reference_url": "https://github.com/advisories/GHSA-cr5q-6q9f-rq6q", "reference_id": "GHSA-cr5q-6q9f-rq6q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cr5q-6q9f-rq6q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66630?format=api", "purl": "pkg:gem/activesupport@6.1.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@6.1.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/66631?format=api", "purl": "pkg:gem/activesupport@7.0.7.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.7.1" } ], "aliases": [ "CVE-2023-38037", "GHSA-cr5q-6q9f-rq6q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usar-ms97-kbep" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/activesupport@7.0.7.1" }