Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/72874?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/72874?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.0.0-rc-1", "type": "maven", "namespace": "org.xwiki.platform", "name": "xwiki-platform-rest-server", "version": "17.0.0-rc-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "17.4.2", "latest_non_vulnerable_version": "17.7.0-rc-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49396?format=api", "vulnerability_id": "VCID-v5ur-bju7-2fc4", "summary": "XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis\nXWiki's REST API doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the `/rest/wikis/xwiki/spaces` resource returns all spaces on the wiki by default, which are basically all pages.", "references": [ { "reference_url": "https://github.com/xwiki/xwiki-platform", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/xwiki/xwiki-platform" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/commit/e3c47745195fb445b054537be86f5c01ee69558b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/xwiki/xwiki-platform/commit/e3c47745195fb445b054537be86f5c01ee69558b" }, { "reference_url": "https://jira.xwiki.org/browse/XWIKI-23355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://jira.xwiki.org/browse/XWIKI-23355" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66473", "reference_id": "CVE-2025-66473", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66473" }, { "reference_url": "https://github.com/advisories/GHSA-cc84-q3v3-mhgf", "reference_id": "GHSA-cc84-q3v3-mhgf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cc84-q3v3-mhgf" }, { "reference_url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cc84-q3v3-mhgf", "reference_id": "GHSA-cc84-q3v3-mhgf", "reference_type": "", "scores": [], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cc84-q3v3-mhgf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72877?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.4.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/72878?format=api", "purl": "pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.7.0-rc-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.7.0-rc-1" } ], "aliases": [ "CVE-2025-66473", "GHSA-cc84-q3v3-mhgf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v5ur-bju7-2fc4" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.xwiki.platform/xwiki-platform-rest-server@17.0.0-rc-1" }