Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/256359?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/256359?format=api", "vulnerability_id": "VCID-6ywt-8eh1-skgj", "summary": "", "aliases": [ { "alias": "CVE-2024-35228" }, { "alias": "GHSA-xxfm-vmcf-g33f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40752?format=api", "purl": "pkg:pypi/wagtail@6.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-9u79-7g62-23dk" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/40755?format=api", "purl": "pkg:pypi/wagtail@6.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12d4-1bj5-2yb5" }, { "vulnerability": "VCID-2upt-d3sg-ebea" }, { "vulnerability": "VCID-5p3e-kwee-ukfr" }, { "vulnerability": "VCID-9u79-7g62-23dk" }, { "vulnerability": "VCID-qf1m-zu2w-dbds" }, { "vulnerability": "VCID-yvjp-hx9y-mkgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.1.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80885?format=api", "purl": "pkg:pypi/wagtail@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qmx-g61u-g7dh" }, { "vulnerability": "VCID-6ywt-8eh1-skgj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/81590?format=api", "purl": "pkg:pypi/wagtail@6.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ywt-8eh1-skgj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/wagtail@6.1.0" } ], "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2024-35228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36614", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-35228" }, { "reference_url": "https://github.com/wagtail/wagtail", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wagtail/wagtail" }, { "reference_url": "https://github.com/wagtail/wagtail/commit/284f75a6f91f7ab18cc304d7d34f33b559ae37b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-31T16:19:13Z/" } ], "url": "https://github.com/wagtail/wagtail/commit/284f75a6f91f7ab18cc304d7d34f33b559ae37b1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35228", "reference_id": "CVE-2024-35228", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35228" }, { "reference_url": "https://github.com/advisories/GHSA-xxfm-vmcf-g33f", "reference_id": "GHSA-xxfm-vmcf-g33f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxfm-vmcf-g33f" }, { "reference_url": 
"https://github.com/wagtail/wagtail/security/advisories/GHSA-xxfm-vmcf-g33f", "reference_id": "GHSA-xxfm-vmcf-g33f", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-31T16:19:13Z/" } ], "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xxfm-vmcf-g33f" } ], "weaknesses": [ { "cwe_id": 280, "name": "Improper Handling of Insufficient Permissions or Privileges ", "description": "The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ywt-8eh1-skgj" }