Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/73757?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/73757?format=api", "purl": "pkg:composer/psy/psysh@0.11.23", "type": "composer", "namespace": "psy", "name": "psysh", "version": "0.11.23", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.12.19", "latest_non_vulnerable_version": "0.12.19", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49905?format=api", "vulnerability_id": "VCID-3y1b-7rsj-vugy", "summary": "PsySH has Local Privilege Escalation via CWD .psysh.php auto-load\nPsySH automatically loads and executes a `.psysh.php` file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as their CWD when launching PsySH, the attacker can trigger arbitrary code execution in the victim's context. When the victim runs PsySH with elevated privileges (e.g., root), this results in local privilege escalation.", "references": [ { "reference_url": "https://github.com/bobthecow/psysh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bobthecow/psysh" }, { "reference_url": "https://github.com/bobthecow/psysh/releases/tag/v0.11.23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bobthecow/psysh/releases/tag/v0.11.23" }, { "reference_url": "https://github.com/bobthecow/psysh/releases/tag/v0.12.19", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/bobthecow/psysh/releases/tag/v0.12.19" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25129", "reference_id": "CVE-2026-25129", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25129" }, { "reference_url": "https://github.com/advisories/GHSA-4486-gxhx-5mg7", "reference_id": "GHSA-4486-gxhx-5mg7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4486-gxhx-5mg7" }, { 
"reference_url": "https://github.com/bobthecow/psysh/security/advisories/GHSA-4486-gxhx-5mg7", "reference_id": "GHSA-4486-gxhx-5mg7", "reference_type": "", "scores": [], "url": "https://github.com/bobthecow/psysh/security/advisories/GHSA-4486-gxhx-5mg7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73757?format=api", "purl": "pkg:composer/psy/psysh@0.11.23", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/psy/psysh@0.11.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/73756?format=api", "purl": "pkg:composer/psy/psysh@0.12.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/psy/psysh@0.12.19" } ], "aliases": [ "CVE-2026-25129", "GHSA-4486-gxhx-5mg7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3y1b-7rsj-vugy" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/psy/psysh@0.11.23" }