Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/87769?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "accountsservice", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.6.15-3", "latest_non_vulnerable_version": "23.13.9-8", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58465?format=api", "vulnerability_id": "VCID-2ums-yvkp-m3hg", "summary": "In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3297.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3297.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3297" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182", "reference_id": "2024182", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218566", "reference_id": "2218566", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297", "reference_id": "cvename.cgi?name=CVE-2023-3297", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/" } ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297" }, { "reference_url": "https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/", "reference_id": "GHSL-2023-139_accountsservice", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/" } ], "url": "https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/" }, { "reference_url": "https://ubuntu.com/security/notices/USN-6190-1", "reference_id": "USN-6190-1", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-30T20:18:59Z/" } ], "url": "https://ubuntu.com/security/notices/USN-6190-1" }, { "reference_url": "https://usn.ubuntu.com/6190-1/", "reference_id": "USN-6190-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6190-1/" }, { "reference_url": "https://usn.ubuntu.com/6190-2/", "reference_id": "USN-6190-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6190-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-3297" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ums-yvkp-m3hg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58461?format=api", "vulnerability_id": "VCID-6j3a-5beq-mqcq", "summary": "An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01989", "scoring_system": "epss", "scoring_elements": "0.83927", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01989", "scoring_system": "epss", "scoring_elements": "0.8395", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16126" }, { "reference_url": "https://usn.ubuntu.com/4616-1/", "reference_id": "USN-4616-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4616-1/" }, { "reference_url": "https://usn.ubuntu.com/4616-2/", "reference_id": "USN-4616-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4616-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-16126" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6j3a-5beq-mqcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58463?format=api", "vulnerability_id": "VCID-dwbd-qj5c-yqa8", "summary": "Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3939", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31113", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.3118", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3939" }, { "reference_url": "https://usn.ubuntu.com/5149-1/", "reference_id": "USN-5149-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5149-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-3939" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwbd-qj5c-yqa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58464?format=api", "vulnerability_id": "VCID-ryr9-rxuf-sugb", "summary": "accountsservice no longer drops permissions when writting .pam_environment", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20245", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20319", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250", "reference_id": "1974250", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T12:58:36Z/" } ], "url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250" }, { "reference_url": "https://ubuntu.com/security/notices/USN-5439-1", "reference_id": "USN-5439-1", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T12:58:36Z/" } ], "url": "https://ubuntu.com/security/notices/USN-5439-1" }, { "reference_url": "https://usn.ubuntu.com/5439-1/", "reference_id": "USN-5439-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5439-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-1804" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ryr9-rxuf-sugb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58462?format=api", "vulnerability_id": "VCID-vr1s-re3z-vbh7", "summary": "An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38261", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38349", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-16127" }, { "reference_url": "https://usn.ubuntu.com/4616-1/", "reference_id": "USN-4616-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4616-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87769?format=api", "purl": "pkg:deb/debian/accountsservice@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87763?format=api", "purl": "pkg:deb/debian/accountsservice@0.6.55-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-yq42-b126-vfhz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0.6.55-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87761?format=api", "purl": "pkg:deb/debian/accountsservice@22.08.8-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@22.08.8-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87765?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/87764?format=api", "purl": "pkg:deb/debian/accountsservice@23.13.9-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@23.13.9-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-16127" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vr1s-re3z-vbh7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/accountsservice@0%3Fdistro=trixie" }