Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/73887?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/73887?format=api", "purl": "pkg:gem/spree_storefront@5.3.2", "type": "gem", "namespace": "", "name": "spree_storefront", "version": "5.3.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50029?format=api", "vulnerability_id": "VCID-zffp-88zp-w3hg", "summary": "Unauthenticated Spree Commerce users can view completed guest orders by Order ID\nThis issue may lead to disclosure of PII of guest users (including names, addresses and phone numbers).", "references": [ { "reference_url": "https://github.com/spree/spree", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree" }, { "reference_url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/storefront/app/controllers/spree/orders_controller.rb#L14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/storefront/app/controllers/spree/orders_controller.rb#L14" }, { "reference_url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/storefront/app/controllers/spree/orders_controller.rb#L51C1-L55C8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/storefront/app/controllers/spree/orders_controller.rb#L51C1-L55C8" }, { "reference_url": "https://github.com/spree/spree/blob/a878eb4a782ce0445d218ea86fb12075b0e3d7cc/core/lib/spree/core/number_generator.rb#L45", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree/blob/a878eb4a782ce0445d218ea86fb12075b0e3d7cc/core/lib/spree/core/number_generator.rb#L45" }, { "reference_url": "https://github.com/spree/spree/commit/3e00be64c128ef4bd4b99731f0c3ab469509cfab", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree/commit/3e00be64c128ef4bd4b99731f0c3ab469509cfab" }, { "reference_url": "https://github.com/spree/spree/commit/6b32ed7d474aa55fa441990e6aa39740152aa1be", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree/commit/6b32ed7d474aa55fa441990e6aa39740152aa1be" }, { "reference_url": "https://github.com/spree/spree/commit/6f6b8a7a28a8bff24a6e20eab04b4bbbdf39384d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree/commit/6f6b8a7a28a8bff24a6e20eab04b4bbbdf39384d" }, { "reference_url": "https://github.com/spree/spree/commit/ea4a5db590ca753dbc986f2a4e818d9e0edfb1ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree/commit/ea4a5db590ca753dbc986f2a4e818d9e0edfb1ad" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25757", "reference_id": "CVE-2026-25757", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25757" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_storefront/CVE-2026-25757.yml", "reference_id": "CVE-2026-25757.YML", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_storefront/CVE-2026-25757.yml" }, { "reference_url": "https://github.com/advisories/GHSA-p6pv-q7rc-g4h9", "reference_id": "GHSA-p6pv-q7rc-g4h9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p6pv-q7rc-g4h9" }, { "reference_url": "https://github.com/spree/spree/security/advisories/GHSA-p6pv-q7rc-g4h9", "reference_id": "GHSA-p6pv-q7rc-g4h9", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spree/spree/security/advisories/GHSA-p6pv-q7rc-g4h9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73884?format=api", "purl": "pkg:gem/spree_storefront@5.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/173925?format=api", "purl": "pkg:gem/spree_storefront@5.1.0.beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zffp-88zp-w3hg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.1.0.beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/73885?format=api", "purl": "pkg:gem/spree_storefront@5.1.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/173935?format=api", "purl": "pkg:gem/spree_storefront@5.2.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zffp-88zp-w3hg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.2.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73886?format=api", "purl": "pkg:gem/spree_storefront@5.2.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/173944?format=api", "purl": "pkg:gem/spree_storefront@5.3.0.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zffp-88zp-w3hg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.3.0.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73887?format=api", "purl": "pkg:gem/spree_storefront@5.3.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.3.2" } ], "aliases": [ "CVE-2026-25757", "GHSA-p6pv-q7rc-g4h9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zffp-88zp-w3hg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/spree_storefront@5.3.2" }