VulnerableCode.io REST API

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2721?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2721?format=api",
    "vulnerability_id": "VCID-5c7k-2w7y-53a4",
    "summary": "Security researcher Ash reported an issue where the\nextracted files for updates to existing files are not read only during the\nupdate process. This allows for the potential replacement or modification of\nthese files during the update process if a malicious application is present on\nthe local system.",
    "aliases": [
        {
            "alias": "CVE-2014-1496"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1154?format=api",
            "purl": "pkg:mozilla/Firefox@28.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@28.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1163?format=api",
            "purl": "pkg:mozilla/Firefox%20ESR@24.4.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.4.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
            "purl": "pkg:mozilla/Seamonkey@2.25.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1170?format=api",
            "purl": "pkg:mozilla/Thunderbird@24.4.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.4.0"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1496",
            "reference_id": "CVE-2014-1496",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1496"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16",
            "reference_id": "mfsa2014-16",
            "reference_type": "",
            "scores": [
                {
                    "value": "none",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5c7k-2w7y-53a4"
}

Vulnerability Instance