Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/179941?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179941?format=api", "vulnerability_id": "VCID-8vyv-da9b-x7c5", "summary": "", "aliases": [ { "alias": "CVE-2021-36028" }, { "alias": "GHSA-5pjj-7fq8-9gpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65593?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pt49-zfad-2fgb" }, { "vulnerability": "VCID-snxt-bv9t-nbdu" }, { "vulnerability": "VCID-yjrz-v74j-xbfx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/65594?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pt49-zfad-2fgb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65592?format=api", "purl": "pkg:composer/magento/community-edition@2.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qch-21pj-4yhs" }, { "vulnerability": "VCID-3d19-jvhv-kfej" }, { "vulnerability": "VCID-3mbp-mm4g-yybx" }, { "vulnerability": "VCID-3mg5-5bnt-3qb3" }, { "vulnerability": "VCID-5m9k-7pab-bygj" }, { "vulnerability": "VCID-63pe-4w5f-zqax" }, { "vulnerability": "VCID-6cm3-pkzs-wbdu" }, { "vulnerability": "VCID-8vyv-da9b-x7c5" }, { "vulnerability": "VCID-atcy-z6qm-7qcn" }, { "vulnerability": "VCID-atnt-jfyb-uydk" }, { "vulnerability": "VCID-dahp-ngf2-yfck" }, { "vulnerability": "VCID-ddnf-1ejm-g3fm" }, { "vulnerability": "VCID-ea9q-x4cf-wfdj" }, { "vulnerability": "VCID-esvp-gu4v-hkc8" }, { "vulnerability": "VCID-fk7u-x6n8-y3a8" }, { "vulnerability": "VCID-ktbz-cqsm-cqdh" }, { "vulnerability": "VCID-nf7q-381b-eufk" }, { "vulnerability": "VCID-qdse-avkx-7kb6" }, { "vulnerability": "VCID-snxt-bv9t-nbdu" }, { "vulnerability": "VCID-u3cx-xm7q-8uch" }, { "vulnerability": "VCID-x63j-5hm1-8kh9" }, { "vulnerability": "VCID-yhrq-kbj5-puaz" }, { "vulnerability": "VCID-yjrz-v74j-xbfx" }, { "vulnerability": "VCID-z5ak-93ax-gues" }, { "vulnerability": "VCID-zpta-g6q9-ykdh" }, { "vulnerability": "VCID-zt1b-5ytz-wqb6" }, { "vulnerability": "VCID-zzn5-7yxb-t3hf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57944?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2-p1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qch-21pj-4yhs" }, { "vulnerability": "VCID-3d19-jvhv-kfej" }, { "vulnerability": "VCID-3mbp-mm4g-yybx" }, { "vulnerability": "VCID-3mg5-5bnt-3qb3" }, { "vulnerability": "VCID-5m9k-7pab-bygj" }, { "vulnerability": "VCID-63pe-4w5f-zqax" }, { "vulnerability": "VCID-6cm3-pkzs-wbdu" }, { "vulnerability": "VCID-8vyv-da9b-x7c5" }, { "vulnerability": "VCID-atcy-z6qm-7qcn" }, { "vulnerability": "VCID-atnt-jfyb-uydk" }, { "vulnerability": "VCID-dahp-ngf2-yfck" }, { "vulnerability": "VCID-ddnf-1ejm-g3fm" }, { "vulnerability": "VCID-ea9q-x4cf-wfdj" }, { "vulnerability": "VCID-esvp-gu4v-hkc8" }, { "vulnerability": "VCID-fk7u-x6n8-y3a8" }, { "vulnerability": "VCID-ktbz-cqsm-cqdh" }, { "vulnerability": "VCID-nf7q-381b-eufk" }, { "vulnerability": "VCID-pt49-zfad-2fgb" }, { "vulnerability": "VCID-qdse-avkx-7kb6" }, { "vulnerability": "VCID-u3cx-xm7q-8uch" }, { "vulnerability": "VCID-x63j-5hm1-8kh9" }, { "vulnerability": "VCID-yhrq-kbj5-puaz" }, { "vulnerability": "VCID-z5ak-93ax-gues" }, { "vulnerability": "VCID-zpta-g6q9-ykdh" }, { "vulnerability": "VCID-zt1b-5ytz-wqb6" }, { "vulnerability": "VCID-zzn5-7yxb-t3hf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2-p1" }, { "url": "http://public2.vulnerablecode.io/api/packages/57943?format=api", "purl": "pkg:composer/magento/community-edition@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qch-21pj-4yhs" }, { "vulnerability": "VCID-3d19-jvhv-kfej" }, { "vulnerability": "VCID-3mbp-mm4g-yybx" }, { "vulnerability": "VCID-3mg5-5bnt-3qb3" }, { "vulnerability": "VCID-5m9k-7pab-bygj" }, { "vulnerability": "VCID-63pe-4w5f-zqax" }, { "vulnerability": "VCID-6cm3-pkzs-wbdu" }, { "vulnerability": "VCID-8vyv-da9b-x7c5" }, { "vulnerability": "VCID-atcy-z6qm-7qcn" }, { "vulnerability": "VCID-atnt-jfyb-uydk" }, { "vulnerability": "VCID-dahp-ngf2-yfck" }, { "vulnerability": "VCID-ddnf-1ejm-g3fm" }, { "vulnerability": "VCID-ea9q-x4cf-wfdj" }, { "vulnerability": "VCID-esvp-gu4v-hkc8" }, { "vulnerability": "VCID-fk7u-x6n8-y3a8" }, { "vulnerability": "VCID-hb1m-rxm7-nyga" }, { "vulnerability": "VCID-kf9w-4pch-5yhm" }, { "vulnerability": "VCID-ktbz-cqsm-cqdh" }, { "vulnerability": "VCID-nf7q-381b-eufk" }, { "vulnerability": "VCID-pt49-zfad-2fgb" }, { "vulnerability": "VCID-qdse-avkx-7kb6" }, { "vulnerability": "VCID-u3cx-xm7q-8uch" }, { "vulnerability": "VCID-x63j-5hm1-8kh9" }, { "vulnerability": "VCID-yhrq-kbj5-puaz" }, { "vulnerability": "VCID-z5ak-93ax-gues" }, { "vulnerability": "VCID-zpta-g6q9-ykdh" }, { "vulnerability": "VCID-zt1b-5ytz-wqb6" }, { "vulnerability": "VCID-zzn5-7yxb-t3hf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/63240?format=api", "purl": "pkg:composer/magento/project-community-edition@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-16x4-fjuv-hbc4" }, { "vulnerability": "VCID-1qch-21pj-4yhs" }, { "vulnerability": "VCID-1wxk-rhfp-qqgp" }, { "vulnerability": "VCID-1xvu-3fjk-t7ay" }, { "vulnerability": "VCID-1yr5-8e84-cyf5" }, { "vulnerability": "VCID-2495-ugn7-v7fk" }, { "vulnerability": "VCID-2gjv-y49y-4yh7" }, { "vulnerability": "VCID-389t-bp5k-yqbw" }, { "vulnerability": "VCID-38rm-wf86-ryfw" }, { "vulnerability": "VCID-3d19-jvhv-kfej" }, { "vulnerability": "VCID-3d83-1r55-uqfb" }, { "vulnerability": "VCID-3hcd-r9gs-cfgh" }, { "vulnerability": "VCID-3jns-w9p4-jyca" }, { "vulnerability": "VCID-3mbp-mm4g-yybx" }, { "vulnerability": "VCID-3mg5-5bnt-3qb3" }, { "vulnerability": "VCID-3sn5-689e-cbhk" }, { "vulnerability": "VCID-3tpy-wktb-wqdj" }, { "vulnerability": "VCID-3vpy-uswf-5ugc" }, { "vulnerability": "VCID-3wnx-e9kp-fkg7" }, { "vulnerability": "VCID-46mz-swkk-suhn" }, { "vulnerability": "VCID-4kg3-wkw1-vqhy" }, { "vulnerability": "VCID-4phr-amm7-q3he" }, { "vulnerability": "VCID-4rga-e18t-myh6" }, { "vulnerability": "VCID-4w8w-6563-3kfb" }, { "vulnerability": "VCID-53d5-qzm4-vfgs" }, { "vulnerability": "VCID-5bn1-w5sa-ubft" }, { "vulnerability": "VCID-5fmh-e4j7-nbcf" }, { "vulnerability": "VCID-5m9k-7pab-bygj" }, { "vulnerability": "VCID-5wjs-5jc8-y7dv" }, { "vulnerability": "VCID-631j-28c3-zqam" }, { "vulnerability": "VCID-63pe-4w5f-zqax" }, { "vulnerability": "VCID-6cm3-pkzs-wbdu" }, { "vulnerability": "VCID-6gue-nxx5-u3h6" }, { "vulnerability": "VCID-7dbc-v42e-j7d6" }, { "vulnerability": "VCID-7jfc-dbkn-9fa4" }, { "vulnerability": "VCID-8crc-kmpq-63bd" }, { "vulnerability": "VCID-8vyv-da9b-x7c5" }, { "vulnerability": "VCID-8wm3-xqbd-zqf5" }, { "vulnerability": "VCID-94sc-9fyk-2uay" }, { "vulnerability": "VCID-9gte-ub5c-mqas" }, { "vulnerability": "VCID-9rdk-3631-eqcw" }, { "vulnerability": "VCID-9u6k-hbxd-8bds" }, { "vulnerability": "VCID-9v4c-gauv-wyh2" }, { "vulnerability": "VCID-a2mn-k8qn-j7c9" }, { "vulnerability": "VCID-a9hc-nhv2-7ubx" }, { "vulnerability": "VCID-ac6e-denb-w7hy" }, { "vulnerability": "VCID-annu-j9a3-xkhs" }, { "vulnerability": "VCID-atcy-z6qm-7qcn" }, { "vulnerability": "VCID-atnt-jfyb-uydk" }, { "vulnerability": "VCID-b6wy-nzzg-k3em" }, { "vulnerability": "VCID-bm3p-s43s-uuce" }, { "vulnerability": "VCID-c7rf-4ky3-tyev" }, { "vulnerability": "VCID-ca94-mqq1-jyaz" }, { "vulnerability": "VCID-ctr3-kt63-hybf" }, { "vulnerability": "VCID-d372-f5hu-1bhr" }, { "vulnerability": "VCID-dahp-ngf2-yfck" }, { "vulnerability": "VCID-ddnf-1ejm-g3fm" }, { "vulnerability": "VCID-de3q-b1v4-bybu" }, { "vulnerability": "VCID-dqfx-d99q-jyd1" }, { "vulnerability": "VCID-e514-8tra-9kg2" }, { "vulnerability": "VCID-ea9q-x4cf-wfdj" }, { "vulnerability": "VCID-eh85-akw2-4qby" }, { "vulnerability": "VCID-ekn2-uahd-4qgw" }, { "vulnerability": "VCID-enwr-t7r8-xyge" }, { "vulnerability": "VCID-epeq-fvse-xudw" }, { "vulnerability": "VCID-esvp-gu4v-hkc8" }, { "vulnerability": "VCID-eu82-bgnu-rue2" }, { "vulnerability": "VCID-euam-6b48-suhg" }, { "vulnerability": "VCID-ewjp-uxup-gqex" }, { "vulnerability": "VCID-f418-amxz-xfey" }, { "vulnerability": "VCID-f6vc-8z9a-cqej" }, { "vulnerability": "VCID-fk7u-x6n8-y3a8" }, { "vulnerability": "VCID-fs6u-kx4y-nqbh" }, { "vulnerability": "VCID-gdh1-vff1-cfc2" }, { "vulnerability": "VCID-gkb3-ddu2-qyg6" }, { "vulnerability": "VCID-gngq-4jm1-nffv" }, { "vulnerability": "VCID-gyd8-hu6s-wkgt" }, { "vulnerability": "VCID-hbre-ty72-g7gy" }, { "vulnerability": "VCID-hcbc-9c78-yye6" }, { "vulnerability": "VCID-hubk-cyxh-gbeu" }, { "vulnerability": "VCID-hwb9-yxzn-zub5" }, { "vulnerability": "VCID-jbzd-yjne-6ucr" }, { "vulnerability": "VCID-jede-wz7z-2ugt" }, { "vulnerability": "VCID-jew7-2yd7-8ffp" }, { "vulnerability": "VCID-jg5k-6vqh-57ey" }, { "vulnerability": "VCID-jgkp-2cew-c7hc" }, { "vulnerability": "VCID-jnsk-z1qy-8uh7" }, { "vulnerability": "VCID-khdx-kb5m-qyd7" }, { "vulnerability": "VCID-kj9m-ccf8-gyep" }, { "vulnerability": "VCID-ktbz-cqsm-cqdh" }, { "vulnerability": "VCID-mcuv-294k-5qc4" }, { "vulnerability": "VCID-mgk4-9tan-a7fj" }, { "vulnerability": "VCID-mgnu-rgqb-h7cw" }, { "vulnerability": "VCID-mn2q-e59e-9bhu" }, { "vulnerability": "VCID-mwg1-4tbg-53cg" }, { "vulnerability": "VCID-mxpb-g7qp-w3gp" }, { "vulnerability": "VCID-nf7q-381b-eufk" }, { "vulnerability": "VCID-ns3u-g7gm-kbfq" }, { "vulnerability": "VCID-ntcr-n7fp-j3ab" }, { "vulnerability": "VCID-p7gh-bgn5-kyfw" }, { "vulnerability": "VCID-p84d-d8gt-ukck" }, { "vulnerability": "VCID-pqpk-dh2p-4yc8" }, { "vulnerability": "VCID-pt49-zfad-2fgb" }, { "vulnerability": "VCID-qdse-avkx-7kb6" }, { "vulnerability": "VCID-qsq4-2nz1-p7hu" }, { "vulnerability": "VCID-qxz4-rh86-cfcu" }, { "vulnerability": "VCID-rgfy-hqz1-zyb4" }, { "vulnerability": "VCID-rhp2-bwp6-k3d4" }, { "vulnerability": "VCID-rmqf-8w57-uydk" }, { "vulnerability": "VCID-snxt-bv9t-nbdu" }, { "vulnerability": "VCID-t5m6-39fh-zfhg" }, { "vulnerability": "VCID-tk7j-4vsm-e7c6" }, { "vulnerability": "VCID-u3cx-xm7q-8uch" }, { "vulnerability": "VCID-u3gt-rhgh-p7ax" }, { "vulnerability": "VCID-u87h-sf89-k3ew" }, { "vulnerability": "VCID-u8ch-jew7-pubj" }, { "vulnerability": "VCID-ub5g-fuqv-xqej" }, { "vulnerability": "VCID-ueg1-1xj3-aqcq" }, { "vulnerability": "VCID-v7r7-xtq1-gug6" }, { "vulnerability": "VCID-vjad-xkj2-nygh" }, { "vulnerability": "VCID-vt4j-zfwn-m3cd" }, { "vulnerability": "VCID-vvzs-mjes-e3eq" }, { "vulnerability": "VCID-wbj6-ehhe-ybf1" }, { "vulnerability": "VCID-wdvt-5z3a-5bc2" }, { "vulnerability": "VCID-weqh-3ye3-nbbp" }, { "vulnerability": "VCID-whzv-vgev-rqd4" }, { "vulnerability": "VCID-wv9y-3kyz-hbgq" }, { "vulnerability": "VCID-x63j-5hm1-8kh9" }, { "vulnerability": "VCID-x9xn-qvau-kqhu" }, { "vulnerability": "VCID-xhej-jypg-7fah" }, { "vulnerability": "VCID-xum3-uvmz-efhj" }, { "vulnerability": "VCID-y9ew-ydqv-4kbf" }, { "vulnerability": "VCID-yh52-jggb-jfgx" }, { "vulnerability": "VCID-yhrq-kbj5-puaz" }, { "vulnerability": "VCID-yjgp-6ntk-xbc3" }, { "vulnerability": "VCID-yjrz-v74j-xbfx" }, { "vulnerability": "VCID-ypqs-5ju2-hkcz" }, { "vulnerability": "VCID-z5ak-93ax-gues" }, { "vulnerability": "VCID-zacs-wg6m-qyg4" }, { "vulnerability": "VCID-zgzb-haur-s7aq" }, { "vulnerability": "VCID-zndr-m4hp-gue2" }, { "vulnerability": "VCID-zpta-g6q9-ykdh" }, { "vulnerability": "VCID-zt1b-5ytz-wqb6" }, { "vulnerability": "VCID-zzn5-7yxb-t3hf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/project-community-edition@2.0.2" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36028", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11326", "scoring_system": "epss", "scoring_elements": "0.93663", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36028" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36028", "reference_id": "CVE-2021-36028", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36028" }, { "reference_url": "https://github.com/advisories/GHSA-5pjj-7fq8-9gpf", "reference_id": "GHSA-5pjj-7fq8-9gpf", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5pjj-7fq8-9gpf" } ], "weaknesses": [ { "cwe_id": 91, "name": "XML Injection (aka Blind XPath Injection)", "description": "The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": "0.5", "weighted_severity": "9.0", "risk_score": 4.5, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vyv-da9b-x7c5" }