Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/941663?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/941663?format=api", "purl": "pkg:pypi/blacksheep@2.4.4a2", "type": "pypi", "namespace": "", "name": "blacksheep", "version": "2.4.4a2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.6", "latest_non_vulnerable_version": "2.4.6", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49710?format=api", "vulnerability_id": "VCID-6ajn-kkrh-47ax", "summary": "BlackSheep's ClientSession is vulnerable to CRLF injection\nThe HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests (e.g. insert a new header) or even create a new HTTP request.\nExploitation requires developers to pass unsanitized user input directly into headers.\nThe server part is not affected because BlackSheep delegates to an underlying ASGI server handling of response headers.\n\n**Attack vector:** Applications using user input in HTTP client requests (method, URL, headers).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16593", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16484", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16469", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16551", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16596", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22779" }, { "reference_url": "https://github.com/Neoteroi/BlackSheep", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Neoteroi/BlackSheep" }, { "reference_url": "https://github.com/Neoteroi/BlackSheep/commit/bd4ecb9542b5d52442276b5a6907931b90f38d12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-14T21:01:45Z/" } ], "url": "https://github.com/Neoteroi/BlackSheep/commit/bd4ecb9542b5d52442276b5a6907931b90f38d12" }, { "reference_url": "https://github.com/Neoteroi/BlackSheep/releases/tag/v2.4.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-14T21:01:45Z/" } ], "url": "https://github.com/Neoteroi/BlackSheep/releases/tag/v2.4.6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22779", "reference_id": "CVE-2026-22779", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22779" }, { "reference_url": "https://github.com/advisories/GHSA-6pw3-h7xf-x4gp", "reference_id": "GHSA-6pw3-h7xf-x4gp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6pw3-h7xf-x4gp" }, { "reference_url": "https://github.com/Neoteroi/BlackSheep/security/advisories/GHSA-6pw3-h7xf-x4gp", "reference_id": "GHSA-6pw3-h7xf-x4gp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-14T21:01:45Z/" } ], "url": "https://github.com/Neoteroi/BlackSheep/security/advisories/GHSA-6pw3-h7xf-x4gp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73403?format=api", "purl": "pkg:pypi/blacksheep@2.4.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/blacksheep@2.4.6" } ], "aliases": [ "CVE-2026-22779", "GHSA-6pw3-h7xf-x4gp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ajn-kkrh-47ax" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/blacksheep@2.4.4a2" }