Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/100709?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/100709?format=api", "vulnerability_id": "VCID-xsha-wn9z-4fg2", "summary": "xorg-x11-server: DoS in xquartz when editing the Application menu due to mutaing immutable arrays", "aliases": [ { "alias": "CVE-2022-3553" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/136484?format=api", "purl": "pkg:deb/debian/xorg-server@2:21.1.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/509650?format=api", "purl": "pkg:deb/debian/xorg-server@2:21.1.7-3%2Bdeb12u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uvb-wkwb-jbbf" }, { "vulnerability": "VCID-5zrz-y3fm-4uet" }, { "vulnerability": "VCID-62xy-rm39-mqge" }, { "vulnerability": "VCID-abhy-pfqz-efa2" }, { "vulnerability": "VCID-csqc-7j51-x7bb" }, { "vulnerability": "VCID-epmv-hj44-2bhq" }, { "vulnerability": "VCID-nynt-8cpp-27fe" }, { "vulnerability": "VCID-wsp6-uyxx-53hf" }, { "vulnerability": "VCID-zdwz-bgk3-fqdj" }, { "vulnerability": "VCID-zsm3-vywn-pkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.7-3%252Bdeb12u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/136407?format=api", "purl": "pkg:deb/debian/xorg-server@2:21.1.7-3%2Bdeb12u12?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uvb-wkwb-jbbf" }, { "vulnerability": "VCID-5zrz-y3fm-4uet" }, { "vulnerability": "VCID-62xy-rm39-mqge" }, { "vulnerability": "VCID-abhy-pfqz-efa2" }, { "vulnerability": "VCID-csqc-7j51-x7bb" }, { "vulnerability": "VCID-epmv-hj44-2bhq" }, { "vulnerability": "VCID-nynt-8cpp-27fe" }, { "vulnerability": "VCID-wsp6-uyxx-53hf" }, { "vulnerability": "VCID-zdwz-bgk3-fqdj" }, { "vulnerability": "VCID-zsm3-vywn-pkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.7-3%252Bdeb12u12%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/136413?format=api", "purl": "pkg:deb/debian/xorg-server@2:21.1.16-1.3%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uvb-wkwb-jbbf" }, { "vulnerability": "VCID-5zrz-y3fm-4uet" }, { "vulnerability": "VCID-62xy-rm39-mqge" }, { "vulnerability": "VCID-csqc-7j51-x7bb" }, { "vulnerability": "VCID-epmv-hj44-2bhq" }, { "vulnerability": "VCID-nynt-8cpp-27fe" }, { "vulnerability": "VCID-wsp6-uyxx-53hf" }, { "vulnerability": "VCID-zdwz-bgk3-fqdj" }, { "vulnerability": "VCID-zsm3-vywn-pkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.16-1.3%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/136410?format=api", "purl": "pkg:deb/debian/xorg-server@2:21.1.22-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uvb-wkwb-jbbf" }, { "vulnerability": "VCID-5zrz-y3fm-4uet" }, { "vulnerability": "VCID-62xy-rm39-mqge" }, { "vulnerability": "VCID-csqc-7j51-x7bb" }, { "vulnerability": "VCID-epmv-hj44-2bhq" }, { "vulnerability": "VCID-nynt-8cpp-27fe" }, { "vulnerability": "VCID-wsp6-uyxx-53hf" }, { "vulnerability": "VCID-zdwz-bgk3-fqdj" }, { "vulnerability": "VCID-zsm3-vywn-pkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.22-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/136412?format=api", "purl": "pkg:deb/debian/xorg-server@2:21.1.23-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.23-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/192455?format=api", "purl": "pkg:ebuild/x11-base/xorg-server@21.1.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/x11-base/xorg-server@21.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/192456?format=api", "purl": "pkg:ebuild/x11-base/xwayland@21.1.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/x11-base/xwayland@21.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/192457?format=api", "purl": "pkg:ebuild/x11-base/xwayland@23.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/x11-base/xwayland@23.1.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/509649?format=api", "purl": "pkg:deb/debian/xorg-server@2:1.20.11-1%2Bdeb11u13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uvb-wkwb-jbbf" }, { "vulnerability": "VCID-5zrz-y3fm-4uet" }, { "vulnerability": "VCID-62xy-rm39-mqge" }, { "vulnerability": "VCID-6t55-ed2e-2bcw" }, { "vulnerability": "VCID-8h6n-ntrj-q7g6" }, { "vulnerability": "VCID-8mr3-m631-ykff" }, { "vulnerability": "VCID-95dx-8w8k-4kfp" }, { "vulnerability": "VCID-96ga-avmd-kubh" }, { "vulnerability": "VCID-9pnm-jep8-3bf9" }, { "vulnerability": "VCID-abhy-pfqz-efa2" }, { "vulnerability": "VCID-csqc-7j51-x7bb" }, { "vulnerability": "VCID-epmv-hj44-2bhq" }, { "vulnerability": "VCID-gq7x-petb-hfau" }, { "vulnerability": "VCID-mksc-f652-2qcd" }, { "vulnerability": "VCID-mux3-jggq-bqej" }, { "vulnerability": "VCID-nce7-2t7k-vfdt" }, { "vulnerability": "VCID-nynt-8cpp-27fe" }, { "vulnerability": "VCID-r8bp-sg6q-sqgj" }, { "vulnerability": "VCID-rq9m-9qtm-m3bv" }, { "vulnerability": "VCID-sbxv-5gr6-8be3" }, { "vulnerability": "VCID-ucf1-81as-eucj" }, { "vulnerability": "VCID-vs7d-ydc7-w7ec" }, { "vulnerability": "VCID-waxn-nrqv-k7ca" }, { "vulnerability": "VCID-wsp6-uyxx-53hf" }, { "vulnerability": "VCID-xq35-8sqg-9fcf" }, { "vulnerability": "VCID-xsha-wn9z-4fg2" }, { "vulnerability": "VCID-y5rf-aq67-nbcd" }, { "vulnerability": "VCID-ydth-wf4d-zugb" }, { "vulnerability": "VCID-yqg5-wy1b-hfgx" }, { "vulnerability": "VCID-z6tv-7fmc-13bw" }, { "vulnerability": "VCID-zb61-sksa-e3c5" }, { "vulnerability": "VCID-zdwz-bgk3-fqdj" }, { "vulnerability": "VCID-zsm3-vywn-pkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:1.20.11-1%252Bdeb11u13" }, { "url": "http://public2.vulnerablecode.io/api/packages/136409?format=api", "purl": "pkg:deb/debian/xorg-server@2:1.20.11-1%2Bdeb11u13?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2uvb-wkwb-jbbf" }, { "vulnerability": "VCID-5zrz-y3fm-4uet" }, { "vulnerability": "VCID-62xy-rm39-mqge" }, { "vulnerability": "VCID-8mr3-m631-ykff" }, { "vulnerability": "VCID-abhy-pfqz-efa2" }, { "vulnerability": "VCID-csqc-7j51-x7bb" }, { "vulnerability": "VCID-epmv-hj44-2bhq" }, { "vulnerability": "VCID-mksc-f652-2qcd" }, { "vulnerability": "VCID-mux3-jggq-bqej" }, { "vulnerability": "VCID-nynt-8cpp-27fe" }, { "vulnerability": "VCID-ucf1-81as-eucj" }, { "vulnerability": "VCID-wsp6-uyxx-53hf" }, { "vulnerability": "VCID-xsha-wn9z-4fg2" }, { "vulnerability": "VCID-ydth-wf4d-zugb" }, { "vulnerability": "VCID-zdwz-bgk3-fqdj" }, { "vulnerability": "VCID-zsm3-vywn-pkej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:1.20.11-1%252Bdeb11u13%3Fdistro=trixie" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3553.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3553.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30261", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3027", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30335", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30299", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140706", "reference_id": "2140706", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140706" }, { "reference_url": "https://security.gentoo.org/glsa/202305-30", "reference_id": "GLSA-202305-30", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:45Z/" } ], "url": "https://security.gentoo.org/glsa/202305-30" }, { "reference_url": "https://vuldb.com/?id.211053", "reference_id": "?id.211053", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:45Z/" } ], "url": "https://vuldb.com/?id.211053" }, { "reference_url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3", "reference_id": "?id=dfd057996b26420309c324ec844a5ba6dd07eda3", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:45Z/" } ], "url": "https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3" } ], "weaknesses": [ { "cwe_id": 404, "name": "Improper Resource Shutdown or Release", "description": "The product does not release or incorrectly releases a resource before it is made available for re-use." } ], "exploits": [], "severity_range_score": "3.5 - 6.5", "exploitability": "0.5", "weighted_severity": "5.9", "risk_score": 3.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsha-wn9z-4fg2" }