VulnerableCode.io REST API

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/22990?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22990?format=api",
    "vulnerability_id": "VCID-usnj-f1tv-p7eh",
    "summary": "OpenClaw's Synology Chat dmPolicy=allowlist failed open on empty allowedUserIds, allowing unauthorized agent dispatch\nIn `openclaw` versions `2026.2.22` and `2026.2.23`, the optional `synology-chat` channel plugin had an authorization fail-open condition: when `dmPolicy` was `allowlist` and `allowedUserIds` was empty/unset, unauthorized senders were still allowed through to agent dispatch.\n\nThis is assessed as **medium** severity because it requires channel/plugin setup and Synology sender access, but can still trigger downstream agent/tool actions.",
    "aliases": [
        {
            "alias": "CVE-2026-31998"
        },
        {
            "alias": "GHSA-gw85-xp4q-5gp9"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/73161?format=api",
            "purl": "pkg:npm/openclaw@2026.2.24",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-26du-1t53-kkg9"
                },
                {
                    "vulnerability": "VCID-29je-aptj-rue6"
                },
                {
                    "vulnerability": "VCID-3gqd-86hz-bbbw"
                },
                {
                    "vulnerability": "VCID-3y9t-nf4h-3qfz"
                },
                {
                    "vulnerability": "VCID-7bfc-65n9-rqgy"
                },
                {
                    "vulnerability": "VCID-7pwg-9c8s-aufr"
                },
                {
                    "vulnerability": "VCID-7qe2-mnh9-5fbm"
                },
                {
                    "vulnerability": "VCID-9cqw-a6a2-nbav"
                },
                {
                    "vulnerability": "VCID-b93t-4b79-kqf1"
                },
                {
                    "vulnerability": "VCID-f15v-1uxp-k7bq"
                },
                {
                    "vulnerability": "VCID-gq39-w2ua-3ua5"
                },
                {
                    "vulnerability": "VCID-jaxg-4q6k-yfck"
                },
                {
                    "vulnerability": "VCID-jvq7-fg12-qff9"
                },
                {
                    "vulnerability": "VCID-ngkr-an54-vydw"
                },
                {
                    "vulnerability": "VCID-q4sc-cnnf-5qhv"
                },
                {
                    "vulnerability": "VCID-sphc-z7ve-kugm"
                },
                {
                    "vulnerability": "VCID-t4e7-neu2-f7cg"
                },
                {
                    "vulnerability": "VCID-up8q-9der-b3as"
                },
                {
                    "vulnerability": "VCID-ypfb-w6h4-efdk"
                },
                {
                    "vulnerability": "VCID-yu4j-2k7j-z7fj"
                },
                {
                    "vulnerability": "VCID-ywq2-m4s8-y3bb"
                },
                {
                    "vulnerability": "VCID-yz1m-hhrg-kyf1"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.24"
        }
    ],
    "affected_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/73158?format=api",
            "purl": "pkg:npm/openclaw@2026.2.22",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-1syh-9dme-bfdn"
                },
                {
                    "vulnerability": "VCID-6k3m-6kjx-yfgn"
                },
                {
                    "vulnerability": "VCID-bbm8-2r84-puh5"
                },
                {
                    "vulnerability": "VCID-gq39-w2ua-3ua5"
                },
                {
                    "vulnerability": "VCID-rawy-syu6-q7g2"
                },
                {
                    "vulnerability": "VCID-usnj-f1tv-p7eh"
                },
                {
                    "vulnerability": "VCID-vfsy-yqgt-4bfr"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.22"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/73123?format=api",
            "purl": "pkg:npm/openclaw@2026.2.23",
            "is_vulnerable": true,
            "affected_by_vulnerabilities": [
                {
                    "vulnerability": "VCID-14dm-xdbs-jyag"
                },
                {
                    "vulnerability": "VCID-4k99-uxvr-xqdk"
                },
                {
                    "vulnerability": "VCID-4t15-ucme-rfds"
                },
                {
                    "vulnerability": "VCID-7fne-xf3e-nbf4"
                },
                {
                    "vulnerability": "VCID-9ncn-x24u-p3d2"
                },
                {
                    "vulnerability": "VCID-er7e-mmer-2fam"
                },
                {
                    "vulnerability": "VCID-eubb-389j-a3aj"
                },
                {
                    "vulnerability": "VCID-fd3n-z36p-qyem"
                },
                {
                    "vulnerability": "VCID-j56m-mjsq-vkg2"
                },
                {
                    "vulnerability": "VCID-mggm-k7ad-euah"
                },
                {
                    "vulnerability": "VCID-nsu6-ny82-qyh2"
                },
                {
                    "vulnerability": "VCID-rawy-syu6-q7g2"
                },
                {
                    "vulnerability": "VCID-tjyg-pe2k-rffg"
                },
                {
                    "vulnerability": "VCID-usnj-f1tv-p7eh"
                },
                {
                    "vulnerability": "VCID-ze3j-1fak-pqfz"
                }
            ],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/openclaw@2026.2.23"
        }
    ],
    "references": [
        {
            "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31998",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "0.00071",
                    "scoring_system": "epss",
                    "scoring_elements": "0.21767",
                    "published_at": "2026-05-30T12:55:00Z"
                }
            ],
            "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31998"
        },
        {
            "reference_url": "https://github.com/openclaw/openclaw",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "5.3",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                },
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/openclaw/openclaw"
        },
        {
            "reference_url": "https://github.com/openclaw/openclaw/commit/0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "8.6",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"
                },
                {
                    "value": "5.3",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                },
                {
                    "value": "8.3",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"
                },
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:33:28Z/"
                }
            ],
            "url": "https://github.com/openclaw/openclaw/commit/0ee30361b8f6ef3f110f3a7b001da6dd3df96bb5"
        },
        {
            "reference_url": "https://github.com/openclaw/openclaw/commit/7655c0cb3a47d0647cbbf5284e177f90b4b82ddb",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "8.6",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"
                },
                {
                    "value": "5.3",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                },
                {
                    "value": "8.3",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"
                },
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:33:28Z/"
                }
            ],
            "url": "https://github.com/openclaw/openclaw/commit/7655c0cb3a47d0647cbbf5284e177f90b4b82ddb"
        },
        {
            "reference_url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-synology-chat-plugin-via-empty-alloweduserids",
            "reference_id": "",
            "reference_type": "",
            "scores": [
                {
                    "value": "8.6",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"
                },
                {
                    "value": "5.3",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                },
                {
                    "value": "8.3",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"
                },
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:33:28Z/"
                }
            ],
            "url": "https://www.vulncheck.com/advisories/openclaw-authorization-bypass-in-synology-chat-plugin-via-empty-alloweduserids"
        },
        {
            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31998",
            "reference_id": "CVE-2026-31998",
            "reference_type": "",
            "scores": [
                {
                    "value": "5.3",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                },
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31998"
        },
        {
            "reference_url": "https://github.com/advisories/GHSA-gw85-xp4q-5gp9",
            "reference_id": "GHSA-gw85-xp4q-5gp9",
            "reference_type": "",
            "scores": [
                {
                    "value": "MODERATE",
                    "scoring_system": "cvssv3.1_qr",
                    "scoring_elements": ""
                }
            ],
            "url": "https://github.com/advisories/GHSA-gw85-xp4q-5gp9"
        },
        {
            "reference_url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gw85-xp4q-5gp9",
            "reference_id": "GHSA-gw85-xp4q-5gp9",
            "reference_type": "",
            "scores": [
                {
                    "value": "8.6",
                    "scoring_system": "cvssv3.1",
                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L"
                },
                {
                    "value": "MODERATE",
                    "scoring_system": "cvssv3.1_qr",
                    "scoring_elements": ""
                },
                {
                    "value": "5.3",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
                },
                {
                    "value": "8.3",
                    "scoring_system": "cvssv4",
                    "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N"
                },
                {
                    "value": "MODERATE",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                },
                {
                    "value": "Track",
                    "scoring_system": "ssvc",
                    "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:33:28Z/"
                }
            ],
            "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-gw85-xp4q-5gp9"
        }
    ],
    "weaknesses": [
        {
            "cwe_id": 284,
            "name": "Improper Access Control",
            "description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
        },
        {
            "cwe_id": 863,
            "name": "Incorrect Authorization",
            "description": "The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions."
        },
        {
            "cwe_id": 937,
            "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."
        },
        {
            "cwe_id": 1035,
            "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities",
            "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."
        }
    ],
    "exploits": [],
    "severity_range_score": "4.0 - 8.6",
    "exploitability": "0.5",
    "weighted_severity": "6.2",
    "risk_score": 3.1,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usnj-f1tv-p7eh"
}

Vulnerability Instance