Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/802020?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/802020?format=api", "purl": "pkg:maven/com.erudika/para-server@1.49.0", "type": "maven", "namespace": "com.erudika", "name": "para-server", "version": "1.49.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.50.8", "latest_non_vulnerable_version": "1.50.8", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98397?format=api", "vulnerability_id": "VCID-tqtn-jq9e-77ce", "summary": "Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29994", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29796", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49009" }, { "reference_url": "https://github.com/Erudika/para", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Erudika/para" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49009" }, { "reference_url": "https://github.com/Erudika/para/commit/46a908d887da02037384193f70a69345f04887cf", "reference_id": "46a908d887da02037384193f70a69345f04887cf", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:54:10Z/" } ], "url": "https://github.com/Erudika/para/commit/46a908d887da02037384193f70a69345f04887cf" }, { "reference_url": "https://github.com/advisories/GHSA-qx7g-fx8q-545g", "reference_id": "GHSA-qx7g-fx8q-545g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qx7g-fx8q-545g" }, { "reference_url": "https://github.com/Erudika/para/security/advisories/GHSA-qx7g-fx8q-545g", "reference_id": "GHSA-qx7g-fx8q-545g", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T13:54:10Z/" } ], "url": "https://github.com/Erudika/para/security/advisories/GHSA-qx7g-fx8q-545g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378576?format=api", "purl": "pkg:maven/com.erudika/para-server@1.50.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.erudika/para-server@1.50.8" } ], "aliases": [ "CVE-2025-49009", "GHSA-qx7g-fx8q-545g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tqtn-jq9e-77ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/118229?format=api", "vulnerability_id": "VCID-y3kg-jqg1-7yak", "summary": "Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29796", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29994", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48955" }, { "reference_url": "https://github.com/Erudika/para", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Erudika/para" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48955", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48955" }, { "reference_url": "https://github.com/Erudika/para/commit/1e8a89558542854bb0683ab234c4429ad93b0835", "reference_id": "1e8a89558542854bb0683ab234c4429ad93b0835", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:46:31Z/" } ], "url": "https://github.com/Erudika/para/commit/1e8a89558542854bb0683ab234c4429ad93b0835" }, { "reference_url": "https://github.com/advisories/GHSA-v75g-77vf-6jjq", "reference_id": "GHSA-v75g-77vf-6jjq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v75g-77vf-6jjq" }, { "reference_url": "https://github.com/Erudika/para/security/advisories/GHSA-v75g-77vf-6jjq", "reference_id": "GHSA-v75g-77vf-6jjq", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-02T16:46:31Z/" } ], "url": "https://github.com/Erudika/para/security/advisories/GHSA-v75g-77vf-6jjq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378576?format=api", "purl": "pkg:maven/com.erudika/para-server@1.50.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.erudika/para-server@1.50.8" } ], "aliases": [ "CVE-2025-48955", "GHSA-v75g-77vf-6jjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3kg-jqg1-7yak" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.erudika/para-server@1.49.0" }