Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/69643?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/69643?format=api", "purl": "pkg:pypi/voila@0.5.6", "type": "pypi", "namespace": "", "name": "voila", "version": "0.5.6", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47398?format=api", "vulnerability_id": "VCID-xb4c-rkr2-uyap", "summary": "Voilà Local file inclusion\nAny deployment of voilà dashboard allow local file inclusion, that is to say any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server.\n\nWhether this still requires authentication depends on how voilà is deployed.", "references": [ { "reference_url": "https://github.com/voila-dashboards/voila", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/voila-dashboards/voila" }, { "reference_url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52" }, { "reference_url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67" }, { "reference_url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2" }, { "reference_url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8" }, { "reference_url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30265", "reference_id": "CVE-2024-30265", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30265" }, { "reference_url": "https://github.com/advisories/GHSA-2q59-h24c-w6fg", "reference_id": "GHSA-2q59-h24c-w6fg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2q59-h24c-w6fg" }, { "reference_url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg", "reference_id": "GHSA-2q59-h24c-w6fg", "reference_type": "", "scores": [], "url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69640?format=api", "purl": "pkg:pypi/voila@0.2.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/voila@0.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/69641?format=api", "purl": "pkg:pypi/voila@0.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/voila@0.3.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/69642?format=api", "purl": "pkg:pypi/voila@0.4.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/voila@0.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/69643?format=api", "purl": "pkg:pypi/voila@0.5.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/voila@0.5.6" } ], "aliases": [ "CVE-2024-30265", "GHSA-2q59-h24c-w6fg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xb4c-rkr2-uyap" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/voila@0.5.6" }