VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/72891?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/72891?format=api",
    "purl": "pkg:npm/%40auth0/nextjs-auth0@4.9.0",
    "type": "npm",
    "namespace": "@auth0",
    "name": "nextjs-auth0",
    "version": "4.9.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "4.11.2",
    "latest_non_vulnerable_version": "4.13.0",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49403?format=api",
            "vulnerability_id": "VCID-2k5w-d437-ebhy",
            "summary": "Improper Validation of Query Parameters in Auth0 Next.js SDK\nAn input-validation flaw in the returnTo parameter in the Auth0 Next.js SDK could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters",
            "references": [
                {
                    "reference_url": "https://github.com/auth0/nextjs-auth0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/auth0/nextjs-auth0"
                },
                {
                    "reference_url": "https://github.com/auth0/nextjs-auth0/commit/35eb321de3345ccf23e8c0d6f66c9f2f2f57d26c",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/auth0/nextjs-auth0/commit/35eb321de3345ccf23e8c0d6f66c9f2f2f57d26c"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67716",
                    "reference_id": "CVE-2025-67716",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67716"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-mr6f-h57v-rpj5",
                    "reference_id": "GHSA-mr6f-h57v-rpj5",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-mr6f-h57v-rpj5"
                },
                {
                    "reference_url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-mr6f-h57v-rpj5",
                    "reference_id": "GHSA-mr6f-h57v-rpj5",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-mr6f-h57v-rpj5"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/72892?format=api",
                    "purl": "pkg:npm/%40auth0/nextjs-auth0@4.13.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540auth0/nextjs-auth0@4.13.0"
                }
            ],
            "aliases": [
                "CVE-2025-67716",
                "GHSA-mr6f-h57v-rpj5"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2k5w-d437-ebhy"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/%2540auth0/nextjs-auth0@4.9.0"
}

Package Instance