Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/932654?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/932654?format=api", "purl": "pkg:deb/debian/node-tar@6.1.11%2B~cs11.3.10-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "node-tar", "version": "6.1.11+~cs11.3.10-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "6.1.13+~cs7.0.5-2", "latest_non_vulnerable_version": "6.2.1+ds1+~cs6.1.13-10", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11153?format=api", "vulnerability_id": "VCID-7mtb-yaq7-77ep", "summary": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nThe npm package \"tar\" (aka node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. 
Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37712.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37712.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24623", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24643", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24626", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.2458", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24509", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24737", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24698", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24413", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24454", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24468", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24523", "published_at": "2026-04-21T12:55:00Z" }, { "value": 
"0.00085", "scoring_system": "epss", "scoring_elements": "0.24548", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24557", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.246", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37712" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37701" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37712" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/isaacs/node-tar/commit/1739408d3122af897caefd09662bce2ea477533b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/isaacs/node-tar/commit/1739408d3122af897caefd09662bce2ea477533b" }, { "reference_url": "https://github.com/isaacs/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/isaacs/node-tar/commit/2f1bca027286c23e110b8dfc7efc10756fa3db5a" }, { "reference_url": "https://github.com/isaacs/node-tar/commit/3aaf19b2501bbddb145d92b3322c80dcaed3c35f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/isaacs/node-tar/commit/3aaf19b2501bbddb145d92b3322c80dcaed3c35f" }, { "reference_url": "https://github.com/isaacs/node-tar/commit/b6162c7fafe797f856564ef37f4b82747f051455", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/isaacs/node-tar/commit/b6162c7fafe797f856564ef37f4b82747f051455" }, { "reference_url": "https://github.com/isaacs/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/isaacs/node-tar/commit/bb93ba243746f705092905da1955ac3b0509ba1e" }, { "reference_url": "https://github.com/isaacs/node-tar/commit/d56f790bda9fea807dd80c5083f24771dbdd6eb1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/isaacs/node-tar/commit/d56f790bda9fea807dd80c5083f24771dbdd6eb1" }, { "reference_url": "https://github.com/npm/node-tar", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/npm/node-tar" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00023.html" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5008", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-5008" }, { "reference_url": "https://www.npmjs.com/package/tar", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://www.npmjs.com/package/tar" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999739", "reference_id": "1999739", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999739" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993981", "reference_id": "993981", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993981" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37712", "reference_id": "CVE-2021-37712", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37712" }, { "reference_url": "https://github.com/advisories/GHSA-qq89-hq3f-393p", "reference_id": "GHSA-qq89-hq3f-393p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qq89-hq3f-393p" }, { "reference_url": "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p", "reference_id": "GHSA-qq89-hq3f-393p", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p" }, { "reference_url": "https://security.gentoo.org/glsa/202405-29", "reference_id": "GLSA-202405-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5086", "reference_id": "RHSA-2021:5086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0041", "reference_id": "RHSA-2022:0041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0246", "reference_id": "RHSA-2022:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0350", "reference_id": "RHSA-2022:0350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4914", "reference_id": "RHSA-2022:4914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4914" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/932648?format=api", "purl": "pkg:deb/debian/node-tar@6.0.5%2Bds1%2B~cs11.3.9-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wr3-7131-u3aa" }, { "vulnerability": "VCID-bj4b-gq5e-2kfy" }, { "vulnerability": "VCID-fqmy-jhdk-xfhw" }, { "vulnerability": "VCID-jj22-rfbv-bkg3" }, { "vulnerability": "VCID-qunt-xms1-a3cc" }, { "vulnerability": "VCID-xqpk-t1d2-yqak" }, { "vulnerability": "VCID-yy79-dbn9-7bd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-tar@6.0.5%252Bds1%252B~cs11.3.9-1%252Bdeb11u2%3Fdistro=trixie" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/932654?format=api", "purl": "pkg:deb/debian/node-tar@6.1.11%2B~cs11.3.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-tar@6.1.11%252B~cs11.3.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932646?format=api", "purl": "pkg:deb/debian/node-tar@6.1.13%2B~cs7.0.5-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wr3-7131-u3aa" }, { "vulnerability": "VCID-bj4b-gq5e-2kfy" }, { "vulnerability": "VCID-fqmy-jhdk-xfhw" }, { "vulnerability": "VCID-jj22-rfbv-bkg3" }, { "vulnerability": "VCID-yy79-dbn9-7bd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-tar@6.1.13%252B~cs7.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932650?format=api", "purl": "pkg:deb/debian/node-tar@6.2.1%2B~cs7.0.8-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5wr3-7131-u3aa" }, { "vulnerability": "VCID-bj4b-gq5e-2kfy" }, { "vulnerability": "VCID-jj22-rfbv-bkg3" }, { "vulnerability": "VCID-yy79-dbn9-7bd5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-tar@6.2.1%252B~cs7.0.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/932649?format=api", "purl": "pkg:deb/debian/node-tar@6.2.1%2Bds1%2B~cs6.1.13-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-tar@6.2.1%252Bds1%252B~cs6.1.13-10%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-37712", "GHSA-qq89-hq3f-393p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7mtb-yaq7-77ep" } ], "risk_score": null, "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-tar@6.1.11%252B~cs11.3.10-1%3Fdistro=trixie" }