Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/1564?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1564?format=api", "vulnerability_id": "VCID-jmve-zgge-ykch", "summary": "A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption.", "aliases": [ { "alias": "CVE-2019-9805" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1707?format=api", "purl": "pkg:alpm/archlinux/firefox@66.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d5vr-k225-qkc2" }, { "vulnerability": "VCID-pkzf-au8z-kfbf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1711?format=api", "purl": "pkg:alpm/archlinux/firefox@65.0.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11xu-avv4-9ufx" }, { "vulnerability": "VCID-1sd4-yvfs-sqd9" }, { "vulnerability": "VCID-32ee-dr7n-tufz" }, { "vulnerability": "VCID-4ycc-nrc4-5kah" }, { "vulnerability": "VCID-817n-mqrd-k3a5" }, { "vulnerability": "VCID-a3c8-ayvt-eya5" }, { "vulnerability": "VCID-bsqr-4yk1-bbau" }, { "vulnerability": "VCID-dyyp-8pfj-affk" }, { "vulnerability": "VCID-e542-rp8s-3ber" }, { "vulnerability": "VCID-he6e-re8n-kyax" }, { "vulnerability": "VCID-jmve-zgge-ykch" }, { "vulnerability": "VCID-q5cp-pxq4-kfgz" }, { "vulnerability": "VCID-q8b7-av4e-v7a5" }, { "vulnerability": "VCID-ukws-zeq7-myez" }, { "vulnerability": "VCID-wqg4-ptah-6qg1" }, { "vulnerability": "VCID-xntf-72n7-9qee" }, { "vulnerability": "VCID-yszh-ksz2-ekbr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0.2-1" } ], "references": [ { "reference_url": "https://security.archlinux.org/ASA-201903-11", "reference_id": "ASA-201903-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-11" }, { "reference_url": "https://security.archlinux.org/AVG-925", "reference_id": "AVG-925", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-925" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-07", "reference_id": "mfsa2019-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-07" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmve-zgge-ykch" }