Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/73607?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/73607?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.0", "type": "nuget", "namespace": "", "name": "Microsoft.AspNetCore.App.Runtime.win-x86", "version": "9.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.1.28", "latest_non_vulnerable_version": "10.0.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23234?format=api", "vulnerability_id": "VCID-gnn3-qx8c-3qfn", "summary": ".NET Denial of Service Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA denial of service vulnerability exists in ASP.NET Core due to uncontrolled resource consumption. A specially crafted message to a SignalR server can exhaust an internal buffer and cause a Denial of Service.", "references": [ { "reference_url": "https://github.com/dotnet/aspnetcore", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dotnet/aspnetcore" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2026-26130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cve.org/CVERecord?id=CVE-2026-26130" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130", "reference_id": "CVE-2026-26130", "reference_type": "", "scores": [], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26130", "reference_id": "CVE-2026-26130", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26130" }, { "reference_url": "https://github.com/advisories/GHSA-4vgm-c2wm-63mw", "reference_id": "GHSA-4vgm-c2wm-63mw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4vgm-c2wm-63mw" }, { "reference_url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-4vgm-c2wm-63mw", "reference_id": "GHSA-4vgm-c2wm-63mw", "reference_type": "", "scores": [], "url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-4vgm-c2wm-63mw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73610?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/73611?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@10.0.4" } ], "aliases": [ "CVE-2026-26130", "GHSA-4vgm-c2wm-63mw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnn3-qx8c-3qfn" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x86@9.0.0" }