Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/83331?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/83331?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.0", "type": "nuget", "namespace": "", "name": "Microsoft.AspNetCore.Server.Kestrel.Core", "version": "2.3.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.3.6", "latest_non_vulnerable_version": "2.3.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20436?format=api", "vulnerability_id": "VCID-ggxt-5r42-gydv", "summary": "Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability\nMicrosoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.\n\nInconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01681", "scoring_system": "epss", "scoring_elements": "0.82497", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55315" }, { "reference_url": "https://github.com/dotnet/announcements/issues/371", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dotnet/announcements/issues/371" }, { "reference_url": "https://github.com/dotnet/aspnetcore", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/dotnet/aspnetcore" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315", "reference_id": "CVE-2025-55315", "reference_type": "", "scores": [], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55315" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55315", "reference_id": "CVE-2025-55315", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55315" }, { "reference_url": "https://github.com/advisories/GHSA-5rrx-jjjq-q2r5", "reference_id": "GHSA-5rrx-jjjq-q2r5", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5rrx-jjjq-q2r5" }, { "reference_url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5", "reference_id": "GHSA-5rrx-jjjq-q2r5", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-5rrx-jjjq-q2r5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69652?format=api", "purl": "pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.6" } ], "aliases": [ "CVE-2025-55315", "GHSA-5rrx-jjjq-q2r5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggxt-5r42-gydv" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core@2.3.0" }