Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/81062?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/81062?format=api", "purl": "pkg:pypi/apache-airflow@2.0.0a1", "type": "pypi", "namespace": "", "name": "apache-airflow", "version": "2.0.0a1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.2.2", "latest_non_vulnerable_version": "3.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35787?format=api", "vulnerability_id": "VCID-ks8d-9vr8-4feh", "summary": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02558", "scoring_system": "epss", "scoring_elements": "0.85786", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02558", "scoring_system": "epss", "scoring_elements": "0.85808", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28359" }, { "reference_url": "https://github.com/advisories/GHSA-3xxv-p78r-4fc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3xxv-p78r-4fc6" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2fef2ab1bf0f8c727a503940c9c65fd5be208386", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/2fef2ab1bf0f8c727a503940c9c65fd5be208386" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-4.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28359", "reference_id": "CVE-2021-28359", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28359" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21648?format=api", "purl": "pkg:pypi/apache-airflow@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w96-f72k-ryap" }, { "vulnerability": "VCID-2fnz-jqpe-nuau" }, { "vulnerability": "VCID-2xr2-w3hk-auck" }, { "vulnerability": "VCID-2ysx-9hz5-fyfm" }, { "vulnerability": "VCID-3h3z-bfsc-jqax" }, { "vulnerability": "VCID-4ga6-4111-dyc9" }, { "vulnerability": "VCID-4jpp-1y1j-pub1" }, { "vulnerability": "VCID-4xax-xw67-2qfv" }, { "vulnerability": "VCID-56eq-awhd-d3fr" }, { "vulnerability": "VCID-5cpd-kjpb-ekhv" }, { "vulnerability": "VCID-5jyk-dgtu-zfhd" }, { "vulnerability": "VCID-5yxa-ubfq-fqdx" }, { "vulnerability": "VCID-5zmy-2ape-7qfa" }, { "vulnerability": "VCID-6d41-f8bx-xkh1" }, { "vulnerability": "VCID-6gjt-zsju-47a3" }, { "vulnerability": "VCID-6vg9-hu9u-q7c3" }, { "vulnerability": "VCID-71hr-1ews-9qa6" }, { "vulnerability": "VCID-835a-arqz-g7h7" }, { "vulnerability": "VCID-91n6-evww-zybp" }, { "vulnerability": "VCID-98yf-mvnw-d3b4" }, { "vulnerability": "VCID-amac-hqnj-xfgz" }, { "vulnerability": "VCID-b3w3-h9cm-ufgm" }, { "vulnerability": "VCID-cahz-4dy7-bbe9" }, { "vulnerability": "VCID-dh4r-77xc-cbas" }, { "vulnerability": "VCID-djdy-z9r3-s3a2" }, { "vulnerability": "VCID-due7-n14c-akfx" }, { "vulnerability": "VCID-ej1r-mp6n-gudd" }, { "vulnerability": "VCID-ez45-qkb4-xkba" }, { "vulnerability": "VCID-fbjk-2uvy-mqfc" }, { "vulnerability": "VCID-gn6e-a1yp-g7dw" }, { "vulnerability": "VCID-gz6e-b7dz-5qdf" }, { "vulnerability": "VCID-h6sp-398p-pbeg" }, { "vulnerability": "VCID-hah6-e5fc-juc5" }, { "vulnerability": "VCID-hy75-nfg7-zfae" }, { "vulnerability": "VCID-j86y-n37n-n7ft" }, { "vulnerability": "VCID-kh46-xrgm-9udx" }, { "vulnerability": "VCID-mcbu-b45m-k3ck" }, { "vulnerability": "VCID-njyy-ywer-x7bf" }, { "vulnerability": "VCID-pu6f-xhvm-q3du" }, { "vulnerability": "VCID-pybp-gfy8-2qcr" }, { "vulnerability": "VCID-pypb-cezm-rkb2" }, { "vulnerability": "VCID-q84t-8dac-93dm" }, { "vulnerability": "VCID-qehu-58hj-67gn" }, { "vulnerability": "VCID-qg28-p7e1-g3bj" }, { "vulnerability": "VCID-qmpd-946c-gqbc" }, { "vulnerability": "VCID-qr9h-6dg8-gkh3" }, { "vulnerability": "VCID-rkeh-vuxg-ubgn" }, { "vulnerability": "VCID-ryct-uaw3-fyfc" }, { "vulnerability": "VCID-suwt-h1ze-mydu" }, { "vulnerability": "VCID-t3ap-dzfp-1bd6" }, { "vulnerability": "VCID-t476-g5u5-1yeh" }, { "vulnerability": "VCID-tcvd-eys5-1qhf" }, { "vulnerability": "VCID-u5wv-47m4-8yd6" }, { "vulnerability": "VCID-x9ns-34nt-gfer" }, { "vulnerability": "VCID-xh7u-8ze6-cqhk" }, { "vulnerability": "VCID-ydhm-m8vh-mber" }, { "vulnerability": "VCID-z4aj-mkes-tube" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2" } ], "aliases": [ "BIT-airflow-2021-28359", "CVE-2021-28359", "GHSA-3xxv-p78r-4fc6", "PYSEC-2021-4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ks8d-9vr8-4feh" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0a1" }