Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/84216?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/84216?format=api", "purl": "pkg:ebuild/dev-libs/apr-util@1.3.7", "type": "ebuild", "namespace": "dev-libs", "name": "apr-util", "version": "1.3.7", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.3.8", "latest_non_vulnerable_version": "1.4.8-r1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3710?format=api", "vulnerability_id": "VCID-3kyb-4yvt-f7e1", "summary": "A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1955.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1955.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.84846", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.8475", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.84765", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.84784", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.84785", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.84808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": 
"0.84814", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.84833", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.84829", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.84824", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1955" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555", "reference_id": "504555", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-1955.json", "reference_id": "CVE-2009-1955", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-1955.json" }, { "reference_url": "https://security.gentoo.org/glsa/200907-03", "reference_id": "GLSA-200907-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200907-03" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8842.pl", "reference_id": "OSVDB-55057;CVE-2009-1955", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/8842.pl" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1107", "reference_id": "RHSA-2009:1107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1108", "reference_id": "RHSA-2009:1108", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1160", "reference_id": "RHSA-2009:1160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1160" }, { "reference_url": "https://usn.ubuntu.com/786-1/", "reference_id": "USN-786-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/786-1/" }, { "reference_url": "https://usn.ubuntu.com/787-1/", "reference_id": "USN-787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84216?format=api", "purl": "pkg:ebuild/dev-libs/apr-util@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/apr-util@1.3.7" } ], "aliases": [ "CVE-2009-1955" ], "risk_score": 9.6, "exploitability": "2.0", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kyb-4yvt-f7e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3705?format=api", "vulnerability_id": "VCID-7ftk-sajb-akh4", "summary": "A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. 
An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94517", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94469", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94476", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94483", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94485", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94495", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94499", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94502", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.14793", "scoring_system": "epss", "scoring_elements": "0.94504", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928", 
"reference_id": "503928", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-0023.json", "reference_id": "CVE-2009-0023", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-0023.json" }, { "reference_url": "https://security.gentoo.org/glsa/200907-03", "reference_id": "GLSA-200907-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200907-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1107", "reference_id": "RHSA-2009:1107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1108", "reference_id": "RHSA-2009:1108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1160", "reference_id": "RHSA-2009:1160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1160" }, { "reference_url": "https://usn.ubuntu.com/786-1/", "reference_id": "USN-786-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/786-1/" }, { "reference_url": "https://usn.ubuntu.com/787-1/", "reference_id": "USN-787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84216?format=api", "purl": "pkg:ebuild/dev-libs/apr-util@1.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/apr-util@1.3.7" } ], "aliases": [ "CVE-2009-0023" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ftk-sajb-akh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3711?format=api", "vulnerability_id": "VCID-pj4f-awuq-73g6", "summary": "An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90162", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90102", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90105", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90117", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90137", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90143", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90151", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.9015", 
"published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05415", "scoring_system": "epss", "scoring_elements": "0.90145", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1956" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390", "reference_id": "504390", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-1956.json", "reference_id": "CVE-2009-1956", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-1956.json" }, { "reference_url": "https://security.gentoo.org/glsa/200907-03", "reference_id": "GLSA-200907-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200907-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1107", "reference_id": "RHSA-2009:1107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1108", "reference_id": "RHSA-2009:1108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1108" }, { "reference_url": "https://usn.ubuntu.com/786-1/", "reference_id": "USN-786-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/786-1/" }, { "reference_url": "https://usn.ubuntu.com/787-1/", "reference_id": "USN-787-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/787-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84216?format=api", "purl": "pkg:ebuild/dev-libs/apr-util@1.3.7", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/apr-util@1.3.7" } ], "aliases": [ "CVE-2009-1956" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pj4f-awuq-73g6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/apr-util@1.3.7" }