Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/86436?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/86436?format=api", "purl": "pkg:mozilla/Thunderbird@102.2.1", "type": "mozilla", "namespace": "", "name": "Thunderbird", "version": "102.2.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "102.3.0", "latest_non_vulnerable_version": "149.0.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63393?format=api", "vulnerability_id": "VCID-6dgw-qbue-nqax", "summary": "If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag\nhaving the http-equiv=\"refresh\" attribute, and the content attribute specifying an URL, then\nThunderbird started a network request to that URL, regardless of the configuration to block\nremote content. In combination with certain other HTML elements and attributes in the email,\nit was possible to execute JavaScript code included in the message in the context of the\nmessage compose document. \nThe JavaScript code was able to perform actions including, but probably not limited\nto, read and modify the contents of the message compose document, including the quoted\noriginal message, which could potentially contain the decrypted plaintext of encrypted data \nin the crafted email.\nThe contents could then be transmitted to the network, either to the URL specified in the META refresh tag,\nor to a different URL, as the JavaScript code could modify the URL specified in the document.\nThis bug doesn't affect users who have changed the default Message Body display setting to\n'simple html' or 'plain text'.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3033.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3033.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3033", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73007", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73014", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.72917", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73004", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.72962", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.72969", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.72989", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.72912", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.7295", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.72964", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.72937", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3033" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2123256", "reference_id": "2123256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2123256" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-38", "reference_id": "mfsa2022-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-38" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-38/", "reference_id": "mfsa2022-38", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-38/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-39", "reference_id": "mfsa2022-39", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-39" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-39/", "reference_id": "mfsa2022-39", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-39/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6708", "reference_id": "RHSA-2022:6708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6710", "reference_id": "RHSA-2022:6710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6713", "reference_id": "RHSA-2022:6713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6715", "reference_id": "RHSA-2022:6715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6715" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6716", "reference_id": "RHSA-2022:6716", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6716" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6717", "reference_id": "RHSA-2022:6717", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6717" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1784838", "reference_id": "show_bug.cgi?id=1784838", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-15T16:16:03Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1784838" }, { "reference_url": "https://usn.ubuntu.com/5663-1/", "reference_id": "USN-5663-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5663-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86419?format=api", "purl": "pkg:mozilla/Thunderbird@91.13.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@91.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/86436?format=api", "purl": "pkg:mozilla/Thunderbird@102.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@102.2.1" } ], "aliases": [ "CVE-2022-3033" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6dgw-qbue-nqax" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@102.2.1" }