VulnerableCode.io REST API

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/16679?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16679?format=api",
    "vulnerability_id": "VCID-e41n-8a2f-53ay",
    "summary": "Command Injection in Apache Airflow and Apache Airflow MySQL Provider\nImproper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.",
    "aliases": [
        {
            "alias": "CVE-2023-22884"
        },
        {
            "alias": "GHSA-c732-xvv8-g94c"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/30867?format=api",
            "purl": "pkg:pypi/apache-airflow@2.5.1",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-1963-1kyn-2ban"
                },
                {
                    "vulnerability": "VCID-1azm-hsvr-f3e8"
                },
                {
                    "vulnerability": "VCID-1ptn-xvsy-d3hu"
                },
                {
                    "vulnerability": "VCID-1tvn-y85f-jkb9"
                },
                {
                    "vulnerability": "VCID-2q7x-bua5-37h7"
                },
                {
                    "vulnerability": "VCID-4693-xwwu-7uem"
                },
                {
                    "vulnerability": "VCID-4btd-59ga-1yd4"
                },
                {
                    "vulnerability": "VCID-4u8d-ezsr-sqcz"
                },
                {
                    "vulnerability": "VCID-7z8j-8f4d-53dm"
                },
                {
                    "vulnerability": "VCID-82p8-yujf-hkdd"
                },
                {
                    "vulnerability": "VCID-8m3p-yzr8-yyhj"
                },
                {
                    "vulnerability": "VCID-8npr-rvfd-jkfj"
                },
                {
                    "vulnerability": "VCID-8ykk-1kak-6bfd"
                },
                {
                    "vulnerability": "VCID-arbk-dryb-qkda"
                },
                {
                    "vulnerability": "VCID-d3kc-fn21-xqar"
                },
                {
                    "vulnerability": "VCID-dk1y-938p-k3bv"
                },
                {
                    "vulnerability": "VCID-fctg-457f-4uae"
                },
                {
                    "vulnerability": "VCID-hgq2-kuex-y3a3"
                },
                {
                    "vulnerability": "VCID-hpf3-3z3m-6ydt"
                },
                {
                    "vulnerability": "VCID-j6uh-kx6m-sydp"
                },
                {
                    "vulnerability": "VCID-kb4a-mm13-63bj"
                },
                {
                    "vulnerability": "VCID-kgfb-yphg-n3ec"
                },
                {
                    "vulnerability": "VCID-mbgq-fq5n-kufh"
                },
                {
                    "vulnerability": "VCID-nfbc-tutd-37bw"
                },
                {
                    "vulnerability": "VCID-pb3b-22wk-pbh5"
                },
                {
                    "vulnerability": "VCID-pmtw-nwnc-nyfw"
                },
                {
                    "vulnerability": "VCID-rysu-xhvt-yqda"
                },
                {
                    "vulnerability": "VCID-s49h-br5r-5yh8"
                },
                {
                    "vulnerability": "VCID-tpjn-4kru-vucv"
                },
                {
                    "vulnerability": "VCID-vj7z-pmk3-cydg"
                },
                {
                    "vulnerability": "VCID-vras-f42j-xqfg"
                },
                {
                    "vulnerability": "VCID-vy44-rbar-w3fn"
                },
                {
                    "vulnerability": "VCID-w8ff-8479-rbfq"
                },
                {
                    "vulnerability": "VCID-xwza-guvs-83a9"
                },
                {
                    "vulnerability": "VCID-yrx8-dtav-83av"
                },
                {
                    "vulnerability": "VCID-z5b8-kcbh-m7hr"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/62495?format=api",
            "purl": "pkg:pypi/apache-airflow-providers-mysql@4.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-mysql@4.0.0"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22884",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.76288",
                    "scoring_system": "epss",
                    "scoring_elements": "0.98953",
                    "published_at": "2026-05-30T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22884"
        },
        {
            "reference_url": "https://github.com/apache/airflow",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/apache/airflow"
        },
        {
            "reference_url": "https://github.com/apache/airflow/pull/28811",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-31T14:53:11Z/"
                }
            ],
            "url": "https://github.com/apache/airflow/pull/28811"
        },
        {
            "reference_url": "https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-31T14:53:11Z/"
                }
            ],
            "url": "https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22884",
            "reference_id": "CVE-2023-22884",
            "reference_type": "",
            "scores": [
                {
                    "value": "9.8",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "value": "CRITICAL",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22884"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-c732-xvv8-g94c",
            "reference_id": "GHSA-c732-xvv8-g94c",
            "reference_type": "",
            "scores": [],
            "url": "https://github.com/advisories/GHSA-c732-xvv8-g94c"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 77,
            "name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
            "description": "The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        },
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        }
    ],
    "exploits": [],
    "severity_range_score": "9.0 - 10.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e41n-8a2f-53ay"
}

Vulnerability Instance