Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/74601?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/74601?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-arm@8.0.25", "type": "nuget", "namespace": "", "name": "Microsoft.AspNetCore.App.Runtime.linux-arm", "version": "8.0.25", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.0.10", "latest_non_vulnerable_version": "10.0.4", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50827?format=api", "vulnerability_id": "VCID-qyfs-eq91-qbbc", "summary": ".NET Denial of Service Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA denial of service vulnerability exists in ASP.NET Core due to uncontrolled resource consumption. A specially crafted message to a SignalR server can exhaust an internal buffer and cause a Denial of Service.", "references": [ { "reference_url": "https://github.com/dotnet/aspnetcore", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dotnet/aspnetcore" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2026-26130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cve.org/CVERecord?id=CVE-2026-26130" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130", "reference_id": "CVE-2026-26130", "reference_type": "", "scores": [], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26130", "reference_id": "CVE-2026-26130", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26130" }, { "reference_url": "https://github.com/advisories/GHSA-4vgm-c2wm-63mw", "reference_id": "GHSA-4vgm-c2wm-63mw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4vgm-c2wm-63mw" }, { "reference_url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-4vgm-c2wm-63mw", "reference_id": "GHSA-4vgm-c2wm-63mw", "reference_type": "", "scores": [], "url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-4vgm-c2wm-63mw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74601?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-arm@8.0.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-arm@8.0.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/74749?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-arm@9.0.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-arm@9.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/74750?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-arm@10.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-arm@10.0.4" } ], "aliases": [ "CVE-2026-26130", "GHSA-4vgm-c2wm-63mw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qyfs-eq91-qbbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50795?format=api", "vulnerability_id": "VCID-xq33-4675-fkfm", "summary": "Duplicate Advisory: .NET Denial of Service Vulnerability\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-4vgm-c2wm-63mw. This link is maintained to preserve external references.\n\n### Original Description\nAllocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.", "references": [ { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130", "reference_id": "CVE-2026-26130", "reference_type": "", "scores": [], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26130" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26130", "reference_id": "CVE-2026-26130", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26130" }, { "reference_url": "https://github.com/advisories/GHSA-vh8f-65qg-3m8j", "reference_id": "GHSA-vh8f-65qg-3m8j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vh8f-65qg-3m8j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74601?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-arm@8.0.25", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-arm@8.0.25" } ], "aliases": [ "GHSA-vh8f-65qg-3m8j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xq33-4675-fkfm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.App.Runtime.linux-arm@8.0.25" }