VulnerableCode.io REST API

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2259?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2259?format=api",
    "vulnerability_id": "VCID-n4a2-kntd-sug6",
    "summary": "Mozilla security researcher moz_bug_r_a4 reported that frame\nscripts bypass XPConnect security checks when calling untrusted objects. This\nallows for cross-site scripting (XSS) attacks through web pages and Firefox\nextensions. The fix enables the Script Security Manager (SSM) to force security\nchecks on all frame scripts.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.",
    "aliases": [
        {
            "alias": "CVE-2012-0446"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1015?format=api",
            "purl": "pkg:mozilla/Firefox@10.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@10.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1019?format=api",
            "purl": "pkg:mozilla/SeaMonkey@2.7.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1017?format=api",
            "purl": "pkg:mozilla/Thunderbird@10.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@10.0.0"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446",
            "reference_id": "CVE-2012-0446",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-05",
            "reference_id": "mfsa2012-05",
            "reference_type": "",
            "scores": [
                {
                    "value": "critical",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-05"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "9.0 - 10.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4a2-kntd-sug6"
}

Vulnerability Instance